The PCI Security Standards Council (SSC) published version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in April 2016. It replaces version 3.1 of the Standard, which was retired on 31 October 2016.
Version 3.2 clarified and introduced new requirements to ensure that the Standard is up to date with emerging threats and changes in the market.
This green paper is aimed at those implementing PCI DSS v3.2 and those conducting audits to ensure an organization is compliant. It provides some background around the issues, and explains how encryption is incorporated into the Standard and how it can be audited.
- What strong cryptography means
- Explanation of the changes related to SSL and TLS
- The specific encryption requirements in PCI DSS v3.2
- How to determine the encryption strength
- How to do additional testing for compliance purposes