PCI-DSS 4.0 is here This is what you need to know
CSP
Adrian
The latest revision of the Payment Card Industry Data Security Standard, version 4.0, has now been released.
The PCI Security Standards Council issued version 4.0 of the PCI Data Security Standard (PCI-DSS) on March 31, 2022. PCI-DSS v4.0 replaces PCI-DSS version 3.2.1 to address emerging threats and technologies and provide innovative ways to combat new threats.
There are sixty-four new requirements in PCI-DSS v4.0. Some of these requirements are effective immediately for all PCI-DSS v4.0 assessments, but most of these remain best practices for now and will not come into effect until March 31, 2025.
The twelve core PCI-DSS requirements did not fundamentally change with PCI-DSS v4.0, and they remain the critical foundation for securing payment card data.
However, the requirements were redesigned to focus on security objectives and to guide how security controls should be implemented. It’s also worth noting that PCI-DSS v3.2.1 will be retired on March 31, 2024.
What is New in PCI-DSS v4.0?
The goal of the updated security payment standard is to “address emerging threats and technologies and enable innovative methods to combat new threats,” per the PCI Security Standards Council. Some of the key high-level objectives are:
- Continue to meet the security needs of the payments industry.
- Promote security as a continuous process.
- Increase flexibility for organizations using different methods to achieve security objectives.
- Enhance validation methods and procedures.
Ensure Compliance with Multi-Factor Authentication
Multi-factor authentication has become vital in ensuring secure access to systems and other valuable resources. It provides superior safety measures when attempting to access systems and financial applications, and is also an important requirement to comply with regulations such as PCI-DSS 4.0 and GDPR.
Modern authentication methods represent a more robust security structure than simple passwords. They also provide a better user experience when logging into applications. MFA makes it easier for auditors to get answers to critical compliance questions.
CSP Authenticator+® provides multi-factor authentication for NonStop servers and supports various authentication methods. It can be used as a Safeguard SEEP or with Pathway and non-Pathway applications. Almost any application, including TACL, can now easily support multi-factor authentication.
The new CSP Authenticator+ cloud-native application was developed using a modern cloud-based framework. This redesign focuses on providing security, flexibility, and scalability.
Multiple authentication methods such as RADIUS, Active Directory, RSA, and OpenLDAP are supported. Additional authentication methods include Email, Text Message, and Google Authenticator.
New features:
- New cloud-based framework – A new cloud native application built using modern technologies
- Support for Kubernetes Helm deployments – easy to deploy in cloud environments using Kubernetes framework
- Support for High Availability environments – Create highly available Kubernetes clusters for resiliency
- No differentiation between Primary and Secondary authentication – users can choose any mix of available authentication methods, and even choose more than two authentication methods
- Application based authentication methods are now supported, and more authentication methods are being added. Authentication methods currently supported include RSA, LDAP, Active Directory, RADIUS, Google and Microsoft authenticator, OTP via Email, and OTP via SMS
- Set different authentication methods for different user groups and privileged groups
- Redesigned user-interface makes it more intuitive and user friendly
- Maintain a matrix of authentication profiles, policies (authentication methods), and users
- Support for various databases, including Amazon S3, Atlas Cloud service, MongoDB, etc.
Benefits:
- Protect valuable resources and data
- Add layers of authentication for secure access to systems and critical applications
- Address PCI compliance requirement 8.3, which requires multi-factor authentication for all personnel with remote access and for all non-console administrative access to the cardholder data environment
- Integrate with centralized ID management systems to effectively manage users
CSP Authenticator+ Key Features:
- Support for multiple authentication factors including RSA, RADIUS, Active Directory, LDAP, Microsoft and Google authenticator, and OTP
- Create various profiles and policies for different sets of users and applications
- Ability to use more than two authentication methods
- Provides standardized authentication across platforms
- Configure for all or only selected/privileged users
- Fully encrypted communications with cloud native application
- Supports various databases
- Support for new authentication methods
- Supports TACL, Pathway and Non-Pathway applications
CSP – Compliance at your Fingertips®
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com
We Built the Wiki for NonStop Security ®
The CSP Team
+1 (905) 568-8900