NonStop Insider


PCI-DSS 4.0 is here: This is what you need to know

CSP

Adrian


The latest revision of the Payment Card Industry Data Security Standards, version 4.0, has now been released.


The PCI Security Standards Council issued version 4.0 of the PCI Data Security Standard (PCI-DSS) on March 31, 2022. PCI-DSS v4.0 replaces PCI-DSS version 3.2.1 to address emerging threats and technologies and provide innovative ways to combat new threats.

There are sixty-four new requirements in PCI-DSS v4.0. Some of these requirements are effective immediately for all PCI-DSS v4.0 assessments, but most of these remain best practices for now and will not come into effect until March 31, 2025.

The twelve core PCI-DSS requirements did not fundamentally change with PCI-DSS v4.0, and they remain the critical foundation for securing payment card data.

However, the requirements were redesigned to focus on security objectives and to guide how security controls should be implemented. It’s also worth noting that PCI-DSS v3.2.1 will be retired on March 31, 2024.

What is New in PCI-DSS v4.0?

The goal of the updated payment security standard is to “address emerging threats and technologies and enable innovative methods to combat new threats,” per the PCI Security Standards Council. Some of the key high-level objectives are:

  1. Continue to meet the security needs of the payments industry.
  2. Promote security as a continuous process.
  3. Increase flexibility for organizations using different methods to achieve security objectives.
  4. Enhance validation methods and procedures.

Ensure Compliance with Multi-Factor Authentication


Multi-factor authentication has become vital in ensuring secure access to systems and other valuable resources. It provides superior safety measures when attempting to access systems and financial applications, and is also an important requirement to comply with regulations such as PCI-DSS 4.0 and GDPR.

Modern authentication methods represent a more robust security structure than simple passwords. They also provide a better user experience when logging into applications. MFA makes it easier for auditors to get answers to critical compliance questions.

CSP Authenticator+® provides multi-factor authentication for NonStop servers and supports various authentication methods. It can be used as a Safeguard SEEP or with Pathway and non-Pathway applications. Almost any application, including TACL, can now easily support multi-factor authentication.

The new CSP Authenticator+ cloud-native application was developed using a modern cloud-based framework. This redesign focuses on providing security, flexibility, and scalability.

Multiple authentication methods such as RADIUS, Active Directory, RSA, and Open LDAP are supported. Additional authentication methods include Email, Text Message, and Google Authenticator.

New features:

Benefits:


CSP Authenticator+ Key Features:

CSP – Compliance at your Fingertips®

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security®
The CSP Team
+1 (905) 568-8900
