2015 PCI SIG Presentations—Rallying the Vote for Securing Keys and Certificates

September 11, 2014 | Christine Drake

Today, at the 2014 PCI Community Meetings in Orlando, the 2014 PCI Special Interest Groups (SIGs) provided updates on their progress, and presentations were given on the 2015 PCI SIG proposals in hopes of getting votes to become 2015 PCI SIG projects. As I’ve mentioned in previous blogs, Venafi has co-submitted a 2015 PCI SIG proposal with SecurityMetrics on Cryptographic Keys and Digital Certificates Security Guidelines. In the presentations today, Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi, delivered the presentation for this SIG proposal. Watching the sessions at the PCI Community Meetings, now is the right time for this important PCI SIG topic.

Kevin Bocek at 2014 PCI Community Meetings in Orlando

Today’s keynote from Bob Arno, Adventures of a Thiefhunter, really called into question our trust in other people. He talked about how teams of pickpockets work together to steal from unsuspecting victims and how they use the stolen credit cards. The pickpockets are successful because we generally trust the people around us. Keys and certificates also establish trust, but, in both cases, criminals are leveraging this trust to avoid detection while committing their crimes.

Merchants, financial institutions, and payment processors rely on thousands of keys and certificates as the foundation of trust in the cardholder data environments (CDE), protecting cardholder data (CHD) across their websites, virtual machines, mobile devices, and cloud servers. Yet it is this very trust that cybercriminals want to use, not only to evade detection, but to achieve authentication and trusted status that bypasses other security controls and allows their actions to remain hidden. If only one of your critical keys or certificates is compromised, the digital trust you have established is eliminated. And this opens organizations up to PCI DSS audit failures and, more importantly, breaches.

The PCI SIG on Cryptographic Keys and Digital Certificates Security Guidelines has already rallied support from Global 100 merchants, PCI Qualified Security Assessors (QSAs), and security experts, and we’re looking for more support from the PCI community.

The 2015 PCI SIG proposals will be presented again at the 2014 PCI Community Meetings in Berlin (Oct 7-9). Then PCI Participating Organizations will vote on the 2015 PCI SIG proposals from October 13-23. After the vote, the PCI Security Standards Council (PCI SSC) will select 2-3 presentations to become 2015 PCI SIG projects. In early November, there will be a call for participation for the selected SIGs and the projects will kick off in January 2015.

Want more information? Want to get involved? Visit the website for the PCI SIG on Cryptographic Keys and Digital Certificates Security Guidelines at www.protecttrust.org.

About the author

Christine Drake

Christine Drake writes for Venafi's blog and is an expert in machine identity protection.
