PCI 4:: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
::[[Image:Key-control.jpg]][[PCI-4.2:|PCI-4.2 Never send cardholder information via unencrypted e-mail.]]<br> | ::[[Image:Key-control.jpg]][[PCI-4.2:|PCI-4.2 Never send cardholder information via unencrypted e-mail.]]<br> | ||
<br> | <br> | ||
::*'''Maintain a Vulnerability Management Program.''' | |||
<br> | <br> | ||
--[[User:Mdpeters|Mdpeters]] 08:33, 7 July 2006 (EDT) | --[[User:Mdpeters|Mdpeters]] 08:33, 7 July 2006 (EDT) |
Revision as of 14:11, 7 July 2006
- Note that this does not apply to those employees and other parties with a specific need to see full credit card numbers.
- PCI-4.1 Use strong cryptography and encryption techniques (at least 128 bit) such as Secure Sockets Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive cardholder data during transmission over public networks.
- PCI-4.1.1 For wireless networks transmitting cardholder data, encrypt the transmissions by using Wi-Fi Protected Access (WPA) technology if WPA capable, or VPN or SSL at 128-bit. Never rely exclusively on WEP to protect confidentiality and access to a wireless LAN. Use one of the above methodologies in conjunction with WEP at 128 bit, and rotate shared WEP keys quarterly and whenever there are personnel changes.
- PCI-4.1.1 For wireless networks transmitting cardholder data, encrypt the transmissions by using Wi-Fi Protected Access (WPA) technology if WPA capable, or VPN or SSL at 128-bit. Never rely exclusively on WEP to protect confidentiality and access to a wireless LAN. Use one of the above methodologies in conjunction with WEP at 128 bit, and rotate shared WEP keys quarterly and whenever there are personnel changes.
- Maintain a Vulnerability Management Program.
--Mdpeters 08:33, 7 July 2006 (EDT)