Bernie Weidel

PCI Guidance for SSLv3 and Early TLS issues with Mitigation & Migration Plans

Discussion created by Bernie Weidel on Sep 26, 2016

Per PCI Council guidance, vulnerabilities related to SSLv3 and TLSv1.0 / TLSv1.1 which cannot be fully remediated currently can be approved via a False Positive Request so long as the merchant provides a statement confirming that a Mitigation & Migration Plan is in place.

 

For more information on this topic, please see the official PCI Council Information Supplement 'Migrating from SSL and Early TLS' which can be found here: https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf?agreement=true&time=1474916345601

 

For instructions on how to submit a False Positive request, please click here:

https://community.qualys.com/docs/DOC-1582

Outcomes