Frequently Asked Question
Does PCI DSS define which versions of TLS must be used?
No. However, PCI DSS does not consider SSL or early TLS to be strong cryptography.
The term "early TLS" does not refer to a specific version(s) of the protocol, but rather it refers to any version of TLS that is vulnerable to a known exploit. This includes, at a minimum, TLS versions 1.0 and 1.1. All versions of SSL also do not meet the PCI DSS definition of strong cryptography.
The term “early TLS” is intended to help entities identify and prioritize mitigation efforts for TLS implementations known to be inherently vulnerable. Entities should have processes to monitor threats as they continue to evolve and as new versions of the protocol are released to address those threats, and to keep the entity's cryptographic implementations up to date to prevent them becoming vulnerable to known exploits.
Cryptographic implementations, including TLS, must use and support modern cryptographic algorithms, secure configuration settings, and other features as needed to meet the intent of strong cryptography. This means that every TLS implementation, irrespective of the protocol version, must apply strong cryptography using an appropriate cipher suite to implement a secure key exchange algorithm, strong cryptography, and an appropriate message authentication for strong cryptography and security protocols.
It is expected that systems conducting negotiation of TLS protocols use the strongest cipher suites first, with subsequent negotiation to mutually supported cipher suites only if needed, but always within the bounds of the minimum standard of strong cryptography and security protocols. TLS connections must not use symmetric ciphers that provide a block size less than 128 bits (such as TDEA). It is considered best practice to implement TLS versions and cipher suites that support forward secrecy and the implementation of ciphers utilizing post-quantum cryptography (for key exchange and end-point authentication).
Entities using TLS should review their implementations against industry references (such as the current version of NIST SP 800-52) for guidance on configuration options that meet the intent of strong cryptography. Note that, while industry guidelines such as NIST SP 800-52 may provide additional insight into specific configurations and implementations and provide the rationale for implementing particular controls, PCI DSS does not mandate the use of external standards or guidance in meeting strong cryptography. In addition to monitoring specific threats to cryptographic implementations, entities should monitor changes in industry best practices and standards, and where applicable, entities should apply modifications to minimum cryptographic standards used within their environments to ensure that sensitive information such as account data and authentication credentials remain secured.
For the PCI DSS definition of "strong cryptography," refer to the PCI DSS Glossary of Terms, Abbreviations, and Acronyms in PCI DSS v4.x Appendix G, available in PCI SSC's Document Library, under the PCI DSS drop-down menu.
Related
-
Do ASV scans in SAQ A apply to merchants with webpages that redirect to TPSPs or include TPSPs’ embedded iframes?
-
Are authentication values from a 3DS transaction considered sensitive authentication data for PCI DSS purposes?
-
Should entities with enterprise or internal service providers, used to provide internal services to other corporate entities, conduct separate PCI DSS assessments of these service providers or include them as part of each corporate entity’s PCI DSS assessment?
Featured FAQ Articles
Featured
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Is the PCI DSS Attestation of Compliance intended to be shared?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Where do I direct questions about complying with PCI standards?
-
Can SAQ eligibility criteria be used as a guide for determining applicability of PCI DSS requirements for merchant assessments documented in a Report on Compliance?
Most Popular
-
Do ASV scans in SAQ A apply to merchants with webpages that redirect to TPSPs or include TPSPs’ embedded iframes?
-
Are authentication values from a 3DS transaction considered sensitive authentication data for PCI DSS purposes?
-
Should entities with enterprise or internal service providers, used to provide internal services to other corporate entities, conduct separate PCI DSS assessments of these service providers or include them as part of each corporate entity’s PCI DSS assessment?
-
What is the impact if an entity uses a third-party service provider (TPSP) to meet a PCI DSS requirement(s), when that TPSP’s PCI DSS assessment completion date is close to a year ago, as documented in the TPSP’s Attestation of Compliance (AOC)?
-
Are Approved Scanning Vendors and Qualified Security Assessors considered third-party service providers for PCI DSS Requirements 12.8 and 12.9?
Most Recently Updated
-
Does PCI DSS define which versions of TLS must be used?
-
Do ASV scans in SAQ A apply to merchants with webpages that redirect to TPSPs or include TPSPs’ embedded iframes?
-
Are authentication values from a 3DS transaction considered sensitive authentication data for PCI DSS purposes?
-
Is sampling allowed in PCI DSS v4.x?
-
How does PCI DSS apply to payment terminals?