PCI Council Extends SSL To TLS Deadline

12/23/2015

The PCI Council is extending the migration completion date to June 30, 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).

Originally Released by the PCI Council

The PCI Council is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).

These dates provided by PCI SSC as of December 2015 supersede the original dates issued in both PCI DSS v3.1 and in the Migrating from SSL and early TLS Information Supplement in April 2015.

For more information and answers to questions about new timelines, requirements and reasons for the adjustments, please review and share these PCI SSC resources:

  • Bulletin: Outlines details on the newly announced extension to implement a secure transition to TLS 1.1 or higher.
  • Webinar: Features insights and practical guidance from the PCI SSC, the National Institute of Standards and Technology (NIST) and members of the assessment community on making this important transition to protect your data and your customers.
  • PCI SSC Information Supplement: Provides guidance on use of interim risk mitigation approaches, migration recommendations and alternative options for strong cryptographic protocols.?

Thank you to all who have provided feedback on the issue, including members of the National Institute of Standards and Technology (NIST), members of the Financial Services Information Sharing Analysis Center (FS-ISAC), Retail Solution Providers Association, Hotel Technology Next Generation, National Restaurant Association and Retail Industry Leaders Association.?