
ASV Program Guide 3.1 Mandates SSL/TLS Migration by May 2019

The ASV Program Guide's latest revision tightens security standards. Two QIDs will be marked as PCI Fail due to SSL/TLS vulnerabilities, affecting organizations that haven't migrated yet.

The ASV Program Guide, now at version 3.1, makes significant changes regarding SSL and early TLS. Key updates include a non-compliance marking for components that support them and a deadline for migration.

The latest revision of the ASV Program Guide, version 3.1, mandates marking components that support SSL or early TLS as non-compliant. This change is part of an ongoing effort to enhance security standards. Previously, ASV scan customers were given until June 30, 2018, to migrate away from SSL/early TLS. Failure to comply may result in PCI Fail markings for specific QIDs.

Two particular QIDs, 38601 and 42366, will be affected by this change. Starting May 1, 2019, these QIDs will be marked as PCI Fail due to vulnerabilities associated with SSL/TLS. However, organizations can still use compensating controls to mitigate these issues if SSL/early TLS is still in use. Additionally, false positives or exceptions can be submitted for a 'PCI Pass' to avoid non-compliance markings.

The ASV Program Guide's latest revision requires marking SSL/early TLS supporting components as non-compliant. Two QIDs will be marked as PCI Fail due to SSL/TLS vulnerabilities from May 1, 2019. Organizations can use compensating controls and submit exceptions to maintain PCI compliance.
