PCI Requirement 4— Encrypt Transmission of Cardholder Data Across Open, Public Networks
As with protecting stored data, the most reliable and efficient way to keep transmitted cardholder data from being read (confidentiality) or altered (integrity) while in transit is to protect it cryptographically during transmission. Note that encryption by itself only addresses confidentiality; integrity comes from the authentication built into protocols such as TLS and IPsec, which detect tampering rather than merely hiding content. PCI Requirement 4 spells out the specific procedures for communication.
Let's look at some of the specific PCI DSS sub-requirements to clarify the terminology and its implications.
Requirement 4.1—Cryptography and Protocols
This requirement states "Use strong cryptography and security protocols such as secure sockets layer (SSL)/transport layer security (TLS) and Internet protocol security (IPSec) to safeguard sensitive cardholder data during transmission over open, public networks." A practitioner should read "strong" with current guidance in mind: the PCI SSC removed SSL and early TLS (TLS 1.0, and in practice TLS 1.1) from its definition of strong cryptography in PCI DSS 3.1 (April 2015), with a migration deadline of 30 June 2018, so a compliant deployment today means TLS 1.2 or later with certificate verification, not "any version of SSL/TLS".
An open, public network is essentially any network containing a gateway device that gives clients on that network, wired or wireless, connectivity to the Internet at large. This describes the networks of pretty much every business today. Any time your cardholder data is transmitted over the Internet, or over any network whose security you cannot vouch for, that data has to be protected. The PCI DSS documentation specifically refers to the following as examples of open, public networks:
- The Internet
- Wireless Fidelity (WiFi)
- Global System for Mobile Communications (GSM)
- General Packet Radio Service (GPRS)
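The following is an added example, not part of the original text and not code from the PCI SSC, showing what "strong cryptography and security protocols" looks like in a TLS client and how to audit a configuration against that bar. It treats TLS 1.2 as the minimum acceptable protocol floor (per the PCI SSC's deprecation of SSL and early TLS) and also checks the two settings that most often defeat the requirement in practice: disabled certificate verification and disabled hostname checking. The weak context below is a constructed "works in testing, ship it" anti-pattern for contrast; the `cafile` parameter is an assumed path to a CA bundle and defaults to the system store.

```python
"""Audit Python ssl.SSLContext settings against a PCI DSS 4.1-style bar.

Added example: not from the original page or from the PCI SSC.
Strong floor assumed here: TLS 1.2 or newer, server certificate required,
hostname checked against the certificate.
"""
import socket
import ssl

# Protocol floors considered "strong cryptography" for this example.
STRONG_FLOORS = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def protocol_floor_is_strong(min_version):
    """True when a context's minimum protocol version is TLS 1.2 or newer.

    ssl.TLSVersion.MINIMUM_SUPPORTED means "whatever the linked OpenSSL
    allows", which can include SSLv3 and early TLS, so it counts as weak.
    """
    return min_version in STRONG_FLOORS


def strong_client_context(cafile=None):
    """Client context that meets the bar: TLS 1.2+, cert and hostname checks.

    cafile is an assumed path to a PEM CA bundle; None uses the system store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL and early TLS
    ctx.check_hostname = True                      # name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED            # untrusted cert = no session
    return ctx


def weak_client_context():
    """Constructed anti-pattern: verification switched off.

    A man in the middle on the open network can terminate this TLS session
    with any certificate and read the cardholder data in the clear.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if not protocol_floor_is_strong(ctx.minimum_version):
        findings.append("protocol floor below TLS 1.2 (SSL/early TLS negotiable)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings


def negotiated_version(host, port, ctx, timeout=5.0):
    """Connect with ctx and report the TLS version actually negotiated.

    Useful as a post-deployment check against a real endpoint; it is not
    called at import time so the rest of this module runs offline.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    for name, ctx in (("strong", strong_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit_context(ctx) or ["passes"])
```

Use `audit_context` in a CI or config-review step to catch the weak settings before they reach production, and `negotiated_version` against your own endpoints to confirm the floor is actually enforced by the server side as well; a client that permits TLS 1.2+ is only half of the requirement if the payment gateway you talk to still offers TLS 1.0.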