Updates, Guidance, and Stories from the Urbane team.
Recent Guidance from the PCI Council
One would think that the publication of the next version of the PCI DSS (April 2016) as well as the sunset date of the previous version (in October 2016) would constitute a pretty full year for PCI. However, the end of 2016 and beginning of 2017 saw a flurry of activity from the PCI Security Standards Council (PCI SSC), specifically around their Guidance Documents.
The following Information Supplements were published in the last year:
- Assessment Guidance for Non-Listed Encryption Solutions (November 2016)
- Guidance for PCI DSS Scoping and Network Segmentation (December 2016 & May 2017)
- Multi-Factor Authentication (February 2017)
- Best Practices for Securing E-commerce (April 2017)
While there is too much detail in each document to cover everything here, I’ve tried to summarize the information provided by each document and add any commentary that may help you understand the details in each supplement.
Evolving NIST Password Guidance and PCI
Passwords are difficult. They have to be a certain length, use certain characters, change at certain intervals, and worst of all they have to be memorable. But the NIST Trusted Identities Group thinks that should change.
The new draft version of NIST’s Digital Identity Guidelines (SP 800-63-3) is in the process of being finalized. The sub-publication on Authentication & Lifecycle Management (800-63b) contains some interesting changes to password composition and management. The document uses the term “memorized secrets” to refer to passwords and PINs. Also, as this is still a DRAFT version, it is advisable to wait for the final publication to refer to before changing security policies.
At ShmooCon? Join us upstairs at Suite 2101 for our pop-up coffee bar on Friday, Saturday, and Sunday.
Test Your Skill
Join us at the Urbane table for a heated 4 player head to head game of Simon. High scores each day will win great prizes. Find your Urbane Gaming Card in your ShmooCon bag and head on over!