3.7 Requirement 4

Time
3 hours 37 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:00
Welcome to the Cybrary Demystifying PCI DSS Compliance course.
00:06
This module focused on the goals of the PCI DSS and the requirements associated with them.
00:12
This video introduces you to Requirement 4.
00:15
We will talk about some of the requirements associated with protecting the transmission of cardholder data.
00:23
The learning objective of this video is to explore how to satisfy requirements around protecting the transmission of cardholder data and ways you can satisfy the PCI DSS Requirement 4.
00:36
Requirement 4 is pretty short and straight to the point.
00:40
If it's being encrypted over networks, it needs to be encrypted.
00:44
The PCI DSS does make the distinction that this requirement is focused on public networks. But really, for best practice, it should be the methodology you apply across all networks.
00:57
This image is just the depiction of two systems communicating via encrypted channels over an insecure network.
01:03
Requirement 4.1 wants merchants to use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission.
01:12
The objectives you should meet are: only trusted keys and certificates are accepted.
01:19
Use secure protocols and support only secure versions or configurations.
01:23
Use encryption strength that is appropriate for the encryption methodology in use.
01:30
A good auditor will be up to date on the latest vulnerabilities associated with cryptographic mechanisms.
01:36
As a merchant,
01:37
you have to understand that not all encryption is created equal.
01:41
Implementation and support of weaker encryption tools can lead to an insecure environment,
01:47
so you need to know top to bottom how you've implemented your inbound and outbound transmission encryption schemes.
01:53
An important note is that as of June 2018 you could no longer support early SSL
02:01
or early TLS implementations or SSL.
02:07
Requirement 4.1.1 is around wireless.
02:12
As a merchant, you must ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices to implement strong encryption for authentication and transmission.
02:25
PCI's put out an implementation guide for best practices in wireless, located here.
02:36
Requirement 4.2 should be ingrained in all staff that handles cardholder data.
02:40
They should never send unprotected PANs by end-user messaging technologies,
02:47
for example, email, instant messaging, SMS, chat,
02:53
or any of the applications shown in this image.
02:55
These are insecure protocols and will lead to sensitive data spilling into environments outside of the CDE.
03:02
An auditor will observe how merchants handle any messaging technologies and make sure that it's written in policy that cardholder data is not to be used in the tech
03:15
And finally for Requirement 4,
03:17
Requirement 4.3 wants to ensure that security policies and operational procedures for encrypting transmissions of cardholder data are documented,
03:27
in use, and known by all those who operate within the environment.
03:32
In summary, we discussed all of the mandates associated with PCI Requirement 4.
03:38
Requirement 4 wants to make sure our cardholder data transmitted across the networks is secure from eavesdropping.
03:46
Included was a guide for deploying wireless networks within the cardholder data environment.
03:53
Now for a quick quiz.
03:54
True or false:
03:57
As long as a merchant is using some encryption to transmit data, they're in compliance.
04:06
Some encryption ciphers have proven vulnerabilities associated with them.
04:11
Make sure you're only using up-to-date, strong encryption mechanisms.