
You Have 2 Days to Replace TLS 1.0 Certificates before Risking PCI Compliance. What Do You Do?

June 29, 2018 | Scott Carter

Any organization that processes payment cards is subject to PCI DSS compliance. Any of those organizations that are still using SSL or early TLS (TLS 1.0 and in certain instances TLS 1.1) should either be panicking or setting aside huge budget amounts for compliance fines. After June 30, any terminals that use TLS 1.0 will no longer be PCI compliant and may be subject to penalties.

Published in April of 2015, PCI DSS v3.1 mandated the migration from SSL and early TLS to newer, more secure versions of the protocol. The original completion deadline for this migration was June 2016, but that was extended by two years and is now June 30, 2018. The same deadline was upheld in PCI DSS v3.2, which was published in April of 2016.

According to Emma Sutcliffe, PCI SSC Senior Director of Data Security Standards, “The 30 June 2018 deadline is a very important milestone. After this date, SSL and Early TLS may no longer be used as a security control for PCI DSS, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect, as defined in PCI DSS Appendix A2.”

One of the reasons that the PCI standard may be concerned with TLS protocol versions is that new vulnerabilities are regularly found in encryption protocols. For example, SSL/TLS has had several vulnerabilities over time, such as Heartbleed, POODLE and DROWN. To reduce the chance of compromise, organizations should be using more secure protocol versions.

The good news is that a quick look at Venafi Trustnet data shows that almost all of the top retail organizations have already migrated from TLS 1.0. Those who haven’t may still be in the final stages of migration.

At this point, manual replacement will take way longer than just two days (the time left to migrate to maintain compliance). Regardless, manual remediation of vulnerable or outdated protocols is not ideal. It’s costly in terms of resources and introduces the risk of human error.

But if you happen to be one of the 1% who have waited until the last minute, there’s only one thing that could possibly help you: automation. In particular, automated machine identity management will help you quickly locate and replace certificates based on attributes, such as TLS protocol.

Venafi offers a solution designed to help you significantly increase your visibility and apply automation to ensure a more comprehensive migration away from SSL and early TLS. Our platform uses network discovery features to quickly identify both known and unknown certificates throughout your enterprise. It then inventories and categorizes your certificates based on certificate attributes, so you can quickly see which keys and certificates are vulnerable and still need to be migrated to more secure versions of TLS.

Learn more about PCI DSS and how it may impact your certificates in our education center.

About the author

Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them.
