If you're classified as a service provider, you're required to maintain a documented description of your cryptographic architecture, including any cryptographic algorithms, security protocols, and keys, along with each key's specific usage, expiration date, and strength.

Click to see a short video on PCI DSS 3.2’s Section 3.5.1 requirement.

 

Freed Maxick 3.5.1 Guidance   

With respect to the documented cryptographic architecture, we recommend that organizations subject to PCI DSS compliance take proactive steps to maintain an up-to-date listing of the cryptographic tools used to protect cardholder data.

 

PCI DSS Resources 

For more guidance on this issue and other PCI DSS requirements, read our blog post on new requirements for 2018 that includes a downloadable overview of all recent updates and revisions.

 

An overview of Freed Maxick services for PCI DSS Compliance can be found here. For a more detailed discussion of your organization’s situation and needs, contact us here or call me at 716.847.2651.
