DHS on PCI

The guidance on what's now being called point-to-point encryption that was recently released by the PCI SSC was actually mentioned in a recent edition of the DHS's Daily Open Source Infrastructure Report. The DHS has a spin on this document that I hadn't seen before. Here's how they describe it:

During the past several years, some vendors have pitched end-to-end encryption as a way to eliminate the need to encrypt or tokenize database data for the purpose of PCI compliance.

I don't think that any vendors have pitched encryption as a way to eliminate the need to encrypt data. Maybe the author of the DHS report just wasn't being clear about what he meant.
