4 – Encrypt Transmission of Cardholder Data
In the Reports Portal, select > > > > .
PCI Requirement 4 focuses on managing and maintaining the security of cardholder data when it is transmitted over open or public networks. Transmitted data should be encrypted. Malicious users can exploit vulnerabilities in cryptographic hashes and keys, as well as in SSL and TLS. For example, the Heartbleed Bug is a known SSL vulnerability.
To assess your enterprise's compliance with this requirement, use the following reports:
| Dashboards | Reports |
|---|---|
| n/a | Cryptographic Hash Algorithm Related Vulnerabilities; Cryptographic Public Key Related Vulnerability Detected; Cryptographic Symmetric Key Related Vulnerabilities |
Cryptographic Hash Algorithm Related Vulnerabilities
Reports events by host name that indicate potential vulnerabilities related to hash algorithms. All cryptographic hashes that directly use the full output of a Merkle–Damgård construction are vulnerable to length extension attacks. The table provides results by name of the event, host and IP address, and number of events.
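The following is an added example, not part of the product documentation. It uses a toy Merkle–Damgård hash (the compression function, key, and messages are constructed assumptions) to show why a tag computed as H(key || message) can be extended when the digest is the full chaining state, and why the HMAC structure over the same hash rejects the extended message.

```python
import hashlib, hmac, struct

BLOCK = 64          # toy block size in bytes
IV = b"\x00" * 32   # toy initial chaining value

def md_pad(total_len: int) -> bytes:
    # Merkle-Damgard strengthening: 0x80, zero fill, 64-bit message bit length.
    return b"\x80" + b"\x00" * (-(total_len + 9) % BLOCK) + struct.pack(">Q", total_len * 8)

def toy_md(data: bytes, state: bytes = IV, prior_len: int = 0) -> bytes:
    # Toy hash (assumption): compression is SHA-256(state || block), and the
    # digest is the full final chaining state, as in MD5, SHA-1 and SHA-256.
    padded = data + md_pad(prior_len + len(data))
    for i in range(0, len(padded), BLOCK):
        state = hashlib.sha256(state + padded[i:i + BLOCK]).digest()
    return state

def prefix_mac(key: bytes, msg: bytes) -> bytes:
    # Weak construction: tag = H(key || msg).
    return toy_md(key + msg)

def toy_hmac(key: bytes, msg: bytes) -> bytes:
    # HMAC structure over the same toy hash: H(k ^ opad || H(k ^ ipad || msg)).
    k = key.ljust(BLOCK, b"\x00")
    inner = toy_md(bytes(b ^ 0x36 for b in k) + msg)
    return toy_md(bytes(b ^ 0x5C for b in k) + inner)

def extend(tag: bytes, keyed_len: int, msg: bytes, suffix: bytes):
    # Resume hashing from a published tag without the key: the tag is treated
    # as the chaining state after key || msg || padding.
    glue = md_pad(keyed_len + len(msg))
    resumed = toy_md(suffix, state=tag, prior_len=keyed_len + len(msg) + len(glue))
    return msg + glue + suffix, resumed

def demo():
    # Constructed sample values; returns (prefix MAC accepts, HMAC accepts).
    key, msg, suffix = b"constructed-key", b"constructed message", b" + appended"
    new_msg, new_tag = extend(prefix_mac(key, msg), len(key), msg, suffix)
    prefix_accepts = hmac.compare_digest(prefix_mac(key, new_msg), new_tag)
    new_msg2, new_tag2 = extend(toy_hmac(key, msg), BLOCK, msg, suffix)
    hmac_accepts = hmac.compare_digest(toy_hmac(key, new_msg2), new_tag2)
    return prefix_accepts, hmac_accepts

if __name__ == "__main__":
    print(demo())
```

When a host is flagged in this report, the usual remediation for keyed uses of such a hash is to replace the H(key || message) pattern with HMAC or a hash that does not expose its full internal state.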
Cryptographic Public Key Related Vulnerability Detected
Reports flaws found in cryptographic public keys on hosts, as reported by vulnerability scanners in your environment. The table provides results by name of the event, host and IP address, and number of events.
Cryptographic Symmetric Key Related Vulnerabilities
Reports vulnerabilities related to cryptographic symmetric keys by the address or host name of the target asset. The table provides results by the target asset, the device vendor and product, the number of events, and when the most recent event occurred.
Cryptographic Weak Protocol Vulnerability Detected
Reports all vulnerabilities associated with weak cryptographic protocols. The table provides results by the vulnerability name, the affected assets, the number of events, and when the most recent event occurred.
Reports all SSL and TLS vulnerabilities detected by host name. The table provides results by name of the event, host and IP address, and number of events.
Reports TLS BREACH vulnerabilities detected by host name. A TLS BREACH attack is a form of the CRIME attack against HTTP compression. The table provides results by name of the event, host and IP address, and number of events.
Reports the hosts detected with vulnerabilities to a TLS CRIME attack. In a CRIME attack, malicious users access the content of secret authentication cookies, so they can hijack an authenticated web session, then launch additional attacks. The table provides results by name of the event, host and IP address, and number of events.
Wireless Encryption Violations
Reports the hosts that have wireless encryption violations, as detected by vulnerability scanners. The table provides results by name of the event, host and IP address, and number of events.