Link to home
Create AccountLog in
Avatar of sunhux
sunhux

asked on

Is PCI DSS compliance applicable to site to site VPN

I'm looking for a PCI DSS compliance doc that specifies what are the scope & areas the compliance covers.

Is PCI DSS compliance applicable to site to site VPN?  If so, did it say it must use SHA2 & not SHA1 by a certain date?
If we can't get SHA2 working, is there a workaround?
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of sunhux
sunhux

ASKER

Thanks very much.

If our site to site vpn currently uses self-signed certs (not a cert from a CA), does it hv any bearing on SHA1 being deprecated?  Or as long as we use an MS product (eg Outlook or IE) at both sites, we will be affected?  But the 2 sites' vpn are Checkpoint n Watchguard which dont deprecate SHA1?  Hope I am not saying no-sense

Secondly as site to site vpn is for encryption n protection against MITMA, does collision attacks weaken the encryption or the mitigation against MITMA?
Avatar of sunhux

ASKER

Typo correction, should read:
 But the 2 sites' vpn endpoints  are created between Checkpoint n Watchguard ...
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account