New multi-factor authentication rules, added service provider regulations and extended migration dates are among the features of the newly released Payment Card Industry Data Security Standard (PCI DSS) 3.2 upgrade.
The upgrade, released in late April, spells out some significant changes in how cardholder data is accessed. The move comes as a result of the Verizon 2016 Data Breach Investigations Report, which confirms that 63 percent of all breaches involved weak, default or stolen passwords.
PCI DSS 3.2 now requires that system administrators who have access to a Cardholder Data Environment (CDE) must use multi-factor authentication. Single-factor authentication for local access is no longer acceptable.
In addition to local access changes, the new regulations also put a heavier burden on service providers. These are the organizations that help merchants store, process or transmit customer data.
PCI DSS 3.2 requires service providers to detect and report failures of critical security control systems, to have a penetration test every six months, and to run quarterly checks to ensure their personnel are following security protocols.
Finally, the new rules extend the time merchants have to switch from the less secure Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) clients to the more secure version of TLS (currently 1.0 or higher). The transition initially was to be required by July 1 of this year, but the PCI Council pushed back the date to July 1, 2018 to ease the transition.
For more information on the new requirements, please visit the PCI Council's website.
Sword & Shield's experts are also happy to help you choose your path to compliance. Give us a call at 244-3500 or email us at firstname.lastname@example.org.
For more information on PCI and the new security standards, please see:
New PCI DSS Rules Have Big Changes for Service Providers
Merchants Should Develop a Clear Path to PCI Compliance that Includes Security
HIPAA Workshop Helps with Writing Policies and Procedures
In order to comply with HIPAA guidelines, healthcare organizations and the Covered Entities and Business Associates that support them are required to have a comprehensive set of policies and procedures that cover all the requirements of the HIPAA Security, Privacy, and Breach Notification Rules.
But, let's face it, writing policies and procedures from scratch can be a difficult and time-consuming process for many companies.
As a result, Sword & Shield is pleased to offer a two-day policy and procedure development workshop from 9 a.m. to 5 p.m. June 1-2 to assist companies with creating a complete set of policies and procedures that map to the HIPAA requirements. The cost is $599.
Knoxville Cyber Sessions
Sword & Shield Director of Computer Forensics and Security Assessments Bill Dean will discuss ransomware at the next Knoxville Cyber Sessions on Thursday, June 30 from 11:30 a.m. to 1 p.m. at the Square Room.
In "Ransomware - Testing Everyone's Resolve," Dean will discuss how the world's biggest cyber security threat
"For the most part, cybersecurity defenses and controls are handled differently by each organization," he said. "This is primarily due to the fact that there has not been a common threat for all organizations, until now."
Ransomware has evolved from a nuisance to one of cybersecurity's fiercest threats, instilling fear into everyone. This presentation will provide the history, details, and true impact ransomware will have on your organization.
Don't be a victim. Register today to enjoy a good meal while you learn how to protect your organization from cyber threats.