3 months to go for the PCI compliance deadline – Are you ready?

June 30, 2018 is right around the corner! Are you ready?

June 30, 2018 is an important deadline if your organization transmits debit card and credit card data over IT and voice systems. According to the Payment Card Industry Data Security Standard (PCI DSS) version 3.2 release, if you are in the online/e-commerce space and/or have not migrated from SSL/early TLS to a secure encryption protocol, then you will need to do so before the migration deadline. The recommended secure encryption protocol is TLS v1.2, although v1.1 is acceptable.

To learn more about securing your voice and video communications, watch this.

 

What is SSL/early TLS? What is the risk of continuing to use it?

SSL and early TLS are cryptographic protocols that provide data integrity and privacy between two communicating systems or computer applications.  These protocols are usually revised a number of times to address continuing security threats.  The latest vulnerability, if left unaddressed, could cause serious data and privacy breaches within an organization, and leave important customer data unprotected.

 

What is PCI DSS compliance? Whom does it apply to?

PCI DSS is a set of security standards devised to safeguard all companies that accept, obtain, process, save or transmit credit card information.  It applies to organizations of all sizes with any number of online transactions that accept, pass on or store cardholder information – this could be via the phone, internet, or any other means.

 

What if you are non-compliant by the deadline?

Your organization could be at serious risk of data breaches if you are non-compliant with this new release. Furthermore, if you are found to be non-compliant, you could be fined anywhere between $5,000 and $100,000 per month. These violations could also incur huge card replacement costs and in-depth investigations into your business.

 

As a Cisco customer, how do I become PCI DSS compliant?

| If you have: | The requirement is: | Cisco recommends: |
| --- | --- | --- |
| Any software release earlier than 11.5.1 of CUCM, IM&P, uCXN, PCD or Jabber 10.6 | The customer must have an active SWSS contract | Upgrade to Release 11.5.1 or higher with active SWSS contract or Collaboration Flex Plan. |
| Legacy video systems (TX or CTS Series), DX 650, or analogue gateways (VG20X) | The customer must disable all HTTP-based management and maintenance capabilities | Replace non-compliant video systems with PCI-compliant Cisco DX Series, SX Series, MX Series, or Cisco Room Series |
| Legacy telephones (99xx, 89xx, 79xx, 69xx series) | The customer must disable all HTTP-based management and maintenance capabilities | Replace non-compliant phones with PCI-compliant Cisco IP Phone 7800 Series or 8800 Series |

 

Click here to learn more about TLS 1.2 for Cisco Unified Communications, and here to download the whitepaper.

 

Where can I learn more about PCI DSS?

Visit https://www.pcisecuritystandards.org/ to learn more about PCI and the June 30, 2018 migration deadline.

 

Whom can I contact to get my Cisco systems PCI compliant?

Click here to have a Cisco representative contact you regarding upgrades or replacement of your Cisco systems in order to remain PCI compliant.