3 hours 37 minutes
welcome to the side. Very D mystifying PC idea says compliance course
this module focused on the goals of the P C I. D. Ss and the requirements associate it with him.
This video introduces you to requirement for
we will talk about some of the requirements associated with protecting the transmission of cardholder data.
The learning objective of this video is to explore how to satisfy requirements around protecting the transmission of cardholder data and ways you can satisfy The P. C. I. D. S s requirement for
requirement for is pretty short and straight to the point.
If it's being encrypted over networks, it needs to be encrypted.
The P. C I. D. S says does make the distinction that this requirement is focused on public networks. But really, for best practice, it should be the methodology you apply across all networks.
This image is just the depiction of two systems communicating via encrypted channels over an insecure network
requirement for 0.1. What's merchants to use strong cryptography and security protocols? The safeguard sensitive cardholder data during transmission
objective, you should meet our toe only trust the keys and certificates are accepted.
You secure protocols and support only secure versions or configurations
use encryption strength that is appropriate for the encryption methodology and use.
A good auditor will be up to date on the latest vulnerabilities associated with cryptographic mechanisms.
As a merchant,
you have to understand that not all encryption is created. Equal
implementation and support of weaker encryption tools can lead to an insecure environment,
So you need to know top to bottom how you've implemented your inbound and outbound transmission encryption schemes.
An important note is that of As of June 2018 you could no longer support early SSL
or early T L s implementations or SSL
requirement for that one. That one is around wireless.
As a merchant, you must ensure wireless networks transmitting cardholder data or connected to the cardholder data environment. Used industry best practices to implement strong encryption for authentication and transmission.
PC ice. Put out an implementation guide for best Practices and wireless located here.
Requirement 4.2 should be ingrained in all staff that handles cardholder data.
They should never send unprotected pans by end user messaging technologies,
for example, e mail, instant messaging, SMS chat
or any of the application shown in this image.
These are insecure protocols and will lead to sensitive data spilling into environments. Outside of the CD,
an auditor will observe how merchants handle any messaging technologies and make sure that it's written in policy that cardholder data is not to be used in the tech
and finally for requirement for
requirement for 0.3 wants to ensure that security policies and operational procedures for encrypting transmissions of cardholder data is documented
in use and known by all those who operate within the environment.
In summary, we discussed all of the mandates associated with PC High Requirement for
Requirement for Wants to make sure our cardholder data is transmitted across the networks is secure from eavesdropping.
Included was a guide for deploying wireless networks within the cardholder data environment.
No for a quick Quist
As long as a merchant is using some encryption to transmission, transmit data, they're in compliance.
Some encryption ciphers have proven vulnerabilities associated with them.
Make sure you're only using up to date strong encryption mechanisms