πΌ 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.
-
Contextual name: πΌ 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.
-
ID:
/frameworks/pci-dss-v4.0/04/02/01 -
Located in: πΌ 4.2 PAN is protected with strong cryptography during transmission.
Descriptionβ
As following:
- Only trusted keys and certificates are accepted.
- Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. This bullet is a best practice until its effective date; refer to applicability notes below for details.
- The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations.
- The encryption strength is appropriate for the encryption methodology in use.
Similarβ
- Sections
/frameworks/pci-dss-v3.2.1/04/01/frameworks/pci-dss-v4.0.1/04/02/01
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks. | 1 | 6 | 9 | |
| πΌ PCI DSS v4.0.1 β πΌ 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks. | 2 | 9 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks. | 1 | 6 | 9 | |
| πΌ PCI DSS v4.0.1 β πΌ 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks. | 2 | 9 |
Sub Sectionsβ
Policies (9)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS ACM Certificate expires in the next 7 days π’ | 1 | π’ x6 |
| π AWS ACM RSA Certificate key length is less than 2048 bits π’ | 1 | π’ x6 |
| π AWS S3 Bucket Policy is not set to deny HTTP requests π’ | 1 | π’ x6 |
| π Azure App Service FTP deployments are not disabled π’ | 1 | π’ x6 |
| π Azure App Service HTTPS Only configuration is not enabled π’ | 1 | π’ x6 |
| π Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled π’ | 1 | π’ x6 |
| π Azure Storage Account Secure Transfer Required is not enabled π’ | 1 | π’ x6 |