Document Comparison

PCI_PIN_Security_Modifications.pdf PIN_Security_Rqrmts_Modifications_v2_Summary_of_Changes.pdf
24% similar
6 → 6 Pages
1489 → 1374 Words
22 Content Changes

Content Changes

22 content changes. 6 administrative changes (dates, page numbers) hidden.

Added p. 2
Introduction Added criteria that acquiring entities must maintain a summary listing of the cryptographic keys used in connection with the acquiring and processing of PIN data.

Added “Limitations” section specifying:

1. Formal acknowledgement of the supremacy of national and local laws if in conflict with any requirement; and

2. Reference to contact payment brands for any compliance program details.

Added test procedures for all requirements.

Normative Annex A Split Annex A into two sub-Annexes as follows:

Increased minimum key size for Elliptic Curve and DSA keys to 224 bits and 2048/224 bits (p/q) respectively.

Updated information for DH implementations and added information for ECDH implementations.

• Added glossary terms.
Added p. 3
Noted translation restrictions are not applicable to surrogate PANs used in tokenization implementations.

Specified that devices used for the generation of clear-text key components must be powered off when not in use; however, logically partitioned devices used concurrently for other processes (e.g., providing services simultaneously to host systems, such as for transaction processing) must have key-generation capabilities disabled when not in use while the other activities are continuing.

Added additional clarification to the prohibition of multi-use/purpose computing systems for key generation where any clear-text secret or private key, or component thereof, appears in unprotected memory.

Printers used for key generation can only be used for that purpose.
Added p. 4
Specified that where an SCD (HSM or KLD) is conveyed with pre-loaded secret and/or private keys, the SCD must require dual-control mechanisms to become operational. Those mechanisms must not be conveyed using the same communication channel as the SCD. SCDs must be inspected for signs of tampering.
Added p. 4
Specified that for logically partitioned HSMs and computing platforms, if one or more logical partitions of a physical device are used for production and one or more other logical partitions are used for testing, including QA or similar, the entire configuration must be managed and controlled as production.
Added p. 5
Effective January 2017, KDH keys must have a minimum length of 2048 bits for RSA, or equivalent strength for other algorithms.

Clarified that key components for keys other than the HSM MFK, once successfully loaded and confirmed as operational, do not have to be destroyed if the HSM does not store the encrypted values in a database but only stores the subordinate keys internal to the HSM, and that BDKs used in KLDs may also be stored as components where necessary to reload the KLD.

Specified criteria to follow where organizations are of such insufficient size that they cannot support the reporting-structure requirement.
Added p. 6
Clarified that synchronization errors between CCTV, intrusion detection and access control cannot exceed one minute.

Annex B Added criteria for where a secure room may not be required for key injection of encrypted keying material.
Modified p. 1
PCI SSC Modifications: Summary of Changes
PCI SSC Modifications: Summary of Significant Changes
Removed p. 2
• Harmonized language such that the words "must" and "shall" indicate a mandatory requirement. The word "should" indicates a best practice.

Normative Annex A Added additional language to clarify applicability of requirements.

• Clarified that these requirements pertain to two distinct areas and differentiated by notation those requirements that pertain to the operation of a CA/RA.

• Clarified that Annex B applies to all entities that operate key-injection facilities, including those that do so only on behalf of themselves.

• Removed Normative Annex A text to streamline. Normative Annex A still applies where relevant.
Modified p. 2
PCI SSC Modifications to PCI PIN Security Requirements. In the table below, "Main Body" refers to the Control Objectives and the PIN Security Requirements – Technical Reference sections of the PCI PIN Security Requirements manual.
PCI SSC Modifications to PCI PIN Security Requirements. In the table below, "Main Body" refers to the Control Objectives and the "PIN Security Requirements – Technical Reference" sections of the PCI PIN Security Requirements manual.
Modified p. 2
• Normative Annex A applies to specific requirements pertaining to acquiring entities involved in the implementation of symmetric key distribution using asymmetric keys (remote key distribution) or those entities involved in the operation of Certification and Registration Authorities for such purposes.
• Normative Annex A applies to specific requirements pertaining to acquiring entities involved in the implementation of symmetric-key distribution using asymmetric keys (remote key distribution) or those entities involved in the operation of Certification and Registration Authorities for such purposes.
Modified p. 2
• Normative Annex B applies to specific requirements pertaining to entities that operate key- injection facilities.
• Normative Annex B applies to specific requirements pertaining to entities that operate key-injection facilities.
Modified p. 2
Normative Annex A, Normative Annex B Changed terminology from Tamper Resistant Security Module (TRSM) to Secure Cryptographic Device (SCD).
Technical Reference Updated Technical References.
Normative Annex A, Normative Annex B Changed terminology from Data Encryption Standard (DES) to Data Encryption Algorithm (DEA).
Modified p. 2
1) Operations of Certification and Registration Authority platforms used in connection with remote key-distribution implementations. These requirements apply only to the entities operating Certification and/or Registration Authorities.
2. A2 – Certification and Registration Authority Operations: Operations of Certification and Registration Authority platforms used in connection with remote key-distribution implementations. These requirements apply only to the entities operating Certification and/or Registration Authorities.
Modified p. 2
2) Characteristics of the actual key-distribution methodology implemented. These requirements apply to all entities implementing remote key distribution using asymmetric techniques.
1. A1 – Remote Key-Distribution Using Asymmetric Techniques Operations: Characteristics of the actual key-distribution methodology implemented. These requirements apply to all entities implementing remote key distribution using asymmetric techniques.
Removed p. 3
• Purchase orders for Point of Interaction PIN-acceptance devices must specify compliance to the applicable PCI Point of Interaction Security Requirements.

Normative Annex B Clarified that where clear-text secret and/or private keys and/or their components do not reside within the secure boundary of an SCD for key loading, additional controls must be implemented as stated in Requirement 13.

• Added verbiage to address m-of-n key-sharing schemes. 

• Clarified that e-mail shall not be used for the conveyance of secret or private keys or their components, even if encrypted, unless the key (or component) has already been encrypted in accordance with these requirements, i.e., within an SCD.
Removed p. 4
• Specified that TR-31 or an equivalent methodology should be used for key loading whenever a symmetric key is loaded encrypted by another symmetric key.

• Specified that mutual device authentication is required for host-to-host connections in addition to host-to-PIN-acceptance-device connections where public key techniques are used for key establishment.

Normative Annex B Clarified that:

• Applicability is to unencrypted secret and private keys and their components.

• Non-SCDs shall not be used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility, as delineated in Annex B. For example, ATM keyboards shall never be used for the loading of clear-text secret or private keys or their components.

Normative Annex B Clarified that:

• Where clear-text secret and/or private keys and/or their components do not reside within the secure boundary of an SCD for key loading, additional controls must be implemented as stated …
Modified p. 4 → 3
Normative Annex B Clarified that recorded or displayed key-component check values and key check values shall not exceed six hexadecimal characters in length.
Normative Annex B Clarified that full-length key components and key shares created using recognized key-splitting algorithms do not constitute “parts” of clear-text keys.
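The line above draws the distinction that a full-length XOR component, or a share from a recognized m-of-n splitting algorithm (the m-of-n schemes Annex B also addresses), is not a "part" of the clear-text key: holding fewer than the required number reveals nothing about the key, unlike a scheme that hands each custodian a contiguous slice of key bytes. The following Python is an added illustration, not code from either PCI document or from PCI SSC. It assumes an n-of-n XOR component scheme and a byte-wise Shamir m-of-n split over GF(2^8); the 16-byte key and the share counts are constructed for the demonstration.

```python
"""
Constructed example: full-length XOR components (all n required) and a
byte-wise Shamir m-of-n split over GF(2^8). Any m shares reconstruct the
key; fewer than m interpolate to an unrelated value. Not PCI SSC code.
"""
import secrets


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 in GF(2^8); a must be nonzero."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def split_xor(key: bytes, n: int) -> list[bytes]:
    """n full-length components whose XOR is the key. Each component is
    uniformly random on its own, so any n-1 of them carry no key information."""
    comps = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for c in comps:
        last = bytes(x ^ y for x, y in zip(last, c))
    return comps + [last]


def combine_xor(comps: list[bytes]) -> bytes:
    """XOR all components back together (requires every one of them)."""
    out = bytes(len(comps[0]))
    for c in comps:
        out = bytes(x ^ y for x, y in zip(out, c))
    return out


def shamir_split(key: bytes, m: int, n: int) -> list[tuple[int, bytes]]:
    """For each key byte choose a random degree m-1 polynomial with that byte
    as constant term; share i is (x=i, f_k(i) for every byte position k)."""
    if not 1 < m <= n < 256:
        raise ValueError("need 1 < m <= n < 256")
    shares = [bytearray() for _ in range(n)]
    for byte in key:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for i in range(n):
            x = i + 1  # x=0 is the secret itself and is never issued
            y, xp = 0, 1
            for c in coeffs:
                y ^= _gf_mul(c, xp)
                xp = _gf_mul(xp, x)
            shares[i].append(y)
    return [(i + 1, bytes(s)) for i, s in enumerate(shares)]


def shamir_combine(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange-interpolate each byte at x=0. Correct only with at least m
    distinct shares; with fewer, the result is unrelated to the key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray()
    for k in range(len(shares[0][1])):
        acc = 0
        for i, (xi, yi) in enumerate(shares):
            num, den = 1, 1
            for j, (xj, _) in enumerate(shares):
                if i != j:
                    num = _gf_mul(num, xj)        # (0 - xj) == xj in char 2
                    den = _gf_mul(den, xj ^ xi)   # (xi - xj) == xi ^ xj
            acc ^= _gf_mul(yi[k], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed demo key, not a real one
    comps = split_xor(key, 3)
    assert combine_xor(comps) == key
    shares = shamir_split(key, 3, 5)
    assert shamir_combine(shares[:3]) == key
    assert shamir_combine([shares[0], shares[2], shares[4]]) == key
    print("2 of 5 shares give:", shamir_combine(shares[:2]).hex(), "(not the key)")
```

Each XOR component and each Shamir share is as long as the key itself, which is why the requirement treats them differently from partial key material: a custodian with one component, or a quorum short by one share, is in the same position as someone with no material at all.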
Removed p. 5
Normative Annex B Clarified that where clear-text secret and/or private keys and/or their components do not reside within the secure boundary of an SCD for key loading, additional controls must be implemented as stated in Requirement 13.

Normative Annex B Clarified that master file keys and their variants used by host processing systems for encipherment of keys for local storage cannot be used for other purposes.

Normative Annex A Normative Annex B Specified conditions under which a production platform (HSMs and servers/stand-alone computers) may be temporarily used for test purposes.

Normative Annex B Specified that entities processing or injecting DUKPT or other key-derivation methodologies on behalf of multiple acquiring financial institutions must use different Base Derivation Keys for each financial institution. The processing entity may share one or more Base Derivation Keys for merchants that are sponsored by the same Acquirer.

Normative Annex B Clarified that:  Applicability is to secret and private keys.

 …
Removed p. 5
Normative Annex B Clarified that scope of the requirement includes the processing host master file key and its variants.

Normative Annex B Clarified that key destruction includes the components of secret and private keys as well as the keys themselves.
Removed p. 6
Normative Annex A Increased minimum pass phrase from six to eight characters for Certification and Registration Authority relevant equipment.

Normative Annex A Added biometrics as an associated usage authentication mechanism for security tokens.

Normative Annex B Specified that precautions must be taken to minimize the threat of compromise of PIN-processing equipment once deployed.
Removed p. 6
• Added restrictions for logical access to PIN-processing equipment (HSMs).

Normative Annex B Specified physical security requirements for the key-injection area.

Normative Annex B Specified that HSM security policies/configurations must be validated to secure settings at least annually.

• Specified that HSMs used for acquiring functions should not also be used for issuing functions, and that acquiring and issuing functionality should be logically segmented within a given network.

• Specified that HSMs used for acquiring functions shall not be configured to output clear-text PINs.
Modified p. 6 → 5
Normative Annex B Specified that secure areas must be established for the inventory of PEDs that have not had keys injected.
Normative Annex B Specified that key custodians must be employees or contracted personnel.