Inside the Maze: The Challenges of Cryptography During an Assessment (I22d)
Cryptography plays an important role in compliance with PCI standards, such as PCI DSS, P2PE, and PCI PIN. Assessors need to look at cryptosystems for handling payment data as well as other components like credentials and remote access. Many organizations and their assessors struggle to even understand where all of their cryptographic elements reside and how to fairly evaluate them. This discussion will examine a few case studies, drawn from composites of various assessments, to look at the cryptographic challenges and how to navigate them when seeking compliance with PCI standards.