Know exactly where CHD is coming from and being sent to, inside and outside of your organization.
*This article was taken from our PCI Guide. For more information on this topic, download our free PCI Guide.
Build on the data flow diagrams discussed in the tips for Requirement 3.3. Know exactly where CHD is coming from and being sent to, inside and outside of your organization. Make sure your CHD is encrypted whenever it is transmitted over open, public networks, using strong, industry-accepted encryption technologies.
Are you using strong encryption on every service that touches the CDE? I have noticed that some companies still accept older protocol versions even though newer ones are also supported. For example, CDE web servers that support TLS 1.3 or TLS 1.2 are still accepting connections over TLS 1.1. Supporting a modern version alongside an old one does not protect a session that negotiates the old one, and PCI DSS has treated SSL and early TLS as insecure since June 30, 2018. Disable all insecure protocol versions and cipher suites, not just the ones you expect clients to use.
Companies should also use tools that scan their web services and report insecure configurations. You may not be aware of every service you expose to the internet, so run these scans regularly to confirm that only acceptable protocol versions and encryption strengths are in use.
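As an added example (not code from the original article or the PCI Guide), here is a small Python probe of the kind of check those scanning tools automate: it opens one connection per TLS version, pinned to exactly that version, and reports which versions the server accepts, flagging TLS 1.0 and 1.1 as insecure. The host name is a placeholder; the network part needs a reachable server, while the `assess()` classification works on any probe result.

```python
"""Probe which TLS protocol versions a server accepts and flag the insecure ones.

Added example for this article; the default host below is a placeholder.
Run: python tls_probe.py payments.example.com 443
"""
import socket
import ssl
import sys

# PCI DSS treats SSL and early TLS as insecure; a CDE service should only
# negotiate TLS 1.2 or newer.
INSECURE_VERSIONS = {"TLSv1", "TLSv1.1"}

# (label, version) pairs to probe, one handshake each, pinned to exactly that version.
PROBES = [
    ("TLSv1", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def _pinned_context(version):
    """Build a client context that will only negotiate exactly `version`.

    Returns None when the local TLS library refuses to offer that version at
    all, which we report as "not probeable" rather than "server rejected".
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # testing protocol support, not certificate trust
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None
    try:
        # Lower OpenSSL's security level so legacy ciphers can be offered;
        # otherwise a modern client can never complete a TLS 1.0/1.1 handshake.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # cipher-string syntax not supported by this library; keep defaults
    return ctx


def server_accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to `version`,
    False if it refuses, None if the local client cannot offer that version."""
    ctx = _pinned_context(version)
    if ctx is None:
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False


def probe_tls_versions(host, port=443):
    """Return {label: True/False/None} for each version in PROBES."""
    return {label: server_accepts(host, port, version) for label, version in PROBES}


def assess(accepted):
    """Classify a probe result.

    Returns (compliant, insecure_accepted, secure_accepted). `compliant` is True
    only when no insecure version is accepted and at least one secure one is.
    """
    insecure = sorted(v for v, ok in accepted.items() if ok and v in INSECURE_VERSIONS)
    secure = sorted(v for v, ok in accepted.items() if ok and v not in INSECURE_VERSIONS)
    return (not insecure and bool(secure), insecure, secure)


def main(argv):
    host = argv[1] if len(argv) > 1 else "payments.example.com"  # placeholder host
    port = int(argv[2]) if len(argv) > 2 else 443
    result = probe_tls_versions(host, port)
    for label, ok in result.items():
        state = {True: "ACCEPTED", False: "rejected", None: "not probeable"}[ok]
        flag = "  <-- INSECURE" if ok and label in INSECURE_VERSIONS else ""
        print(f"{host}:{port} {label:8} {state}{flag}")
    compliant, insecure, _ = assess(result)
    print("OK: only TLS 1.2+ accepted" if compliant
          else f"FAIL: insecure versions accepted: {insecure}")
    return 0 if compliant else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code makes the probe easy to schedule against a list of CDE hosts so a regression is noticed quickly. When a host fails, the fix is on the server side: raise the minimum protocol version, for example `ssl_protocols TLSv1.2 TLSv1.3;` in nginx or `SSLProtocol -all +TLSv1.2 +TLSv1.3` in Apache httpd, and re-run the probe to confirm TLS 1.0 and 1.1 are now rejected.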
Some organizations have a large number of TLS certificates. Start inventorying them now and remove the certificates you no longer need. March 31, 2025, when the future-dated PCI DSS v4.0 requirements take effect (including Requirement 4.2.1.1, which calls for an inventory of the trusted keys and certificates used to protect PAN in transit), seems far off, but it will come quickly. Don’t wait.