*** Companion blog: http://blog.airtightnetworks.com/pci-3-1-guidelines-ssl-vulnerability

*** Companion whitepapers:
1) Do My Security Controls Achieve Wireless PCI DSS? PCI Compliance in the New World of Threats – whitepaper [PDF]
http://go.airtightnetworks.com/PCI_DSS_3.1_Whitepaper_Impact_on_Wi-Fi_Security.html
2) PCI 3.1 and the Impact on Wi-Fi Security – whitepaper [PDF]
http://go.airtightnetworks.com/PCI_DSS_3.1_Compliance_In_A_New_World_Of_Threats.html

*** Companion webinar: Do my security controls achieve the spirit of wireless PCI DSS?
Register for the webinar: May 5th 8am PDT [on-demand]
https://attendee.gotowebinar.com/register/3592031186368052738

---------

On April 15th 2015, the PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.

Available now on the PCI SSC website, PCI 3.1 is effective immediately.
https://www.pcisecuritystandards.org/security_standards/documents.php

>>> PCI DSS 3.0 will be retired on 30 June 2015. <<<

PCI SSC explains:
https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%203%201%20Press%20Release.pdf

“The National Institute of Standards and Technology (NIST) identified SSL (a cryptographic protocol designed to provide secure communications over a computer network) as not being acceptable for the protection of data due to inherent weaknesses within the protocol. Upgrading to a current, secure version of Transport Layer Security (TLS), the successor protocol to SSL, is the only known way to remediate these vulnerabilities, which have been exploited by browser attacks such as POODLE and BEAST.”

Source: PCI Council Publishes Revision to PCI Data Security Standard — PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow — PCI Security Council, April 2015.