Which SSL Reviews

SSL

NIST Embarks On A New Deadline For The SSL Migration

December 22, 2015 | By Editor 

SSL and early TLS encryption seems to be vulnerable to attack, including by Poodle and Heartbleed. This intervened the Payment Card Industry Security Standards Council (PCI SSC) to mandate the members to switch to a secure version of TLS by June 2016. But after a long turmoil and consider the due for migration has been revised to June 2018. which is a pretty long time for the migration to happen.

A webinar has been called upon with National Institute of Standards and Technology (NIST) for the Assessor community’s expert speakers to brainstorm and to provide intensive inputs on the vulnerabilities which will help to release the final versions of the document on its website

June 2016 was the deadline for migration. This was included in the PCI Data Security Standard version 3.1 that was published in April 2015. The deadline, which has been revised as June 2018 would be included in the next version of PCI DSS Document in 2016.

The migration from SSL to TLS would provide a tremendous amount of encryption and would also be very much simple technically. The prime aim to revise the migration and the extension to June 2018 is that it requires time for a global reach that all the merchants find their time to take the migration to happen at a smooth pace. This will help the merchants stay protected from data theft. It raises a clear picture to protect every business in demand neither small or big with our representatives from all parts of the ecosystem to stay protected with precautions in place before the bad guys take their avatar.

Reason for the extension of deadline

SSL has been the best and widely known means of encryption protocol that crosses a Vicennial period of time. Despite of vulnerable attacks lived in the online space, SSL has been the most preferred schema for protection until the detest by NIST in 2014

It has been clearly stated by the experts from NIST that there are no more chances to repair the loopholes of SSL through fixes or security patches. This reprimands every organization in the eCommerce market to make it a point to upgrade to look out for a secure alternative to stay away from any fall back driven from the vulnerable SSL or early TLS

As a result, after a strong discussion, PCI SSC took off SSL as an instance of efficient cryptography from PCI DS version 3.1 with an effective statement stating that it is not to be considered a security control any longer after June 30, 2016.

POODLE attack and Heartbleed has made SSL very much vulnerable and hence these stands a way to exploit the encryption and reason for major breaches.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in SSL

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory