Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren’t enough…Wireless must now be “implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission”.
Yeah right!! So people using WEP not only have to upgrade their hardware but they’ve also got to take on the 802.1x beast for authentication and encryption? Maybe in the enterprise but not for SMBs. I suspect we’ll either see a lot of wireless-centric PCI violations or SMBs will just yank their wireless altogether. Maybe it’s a good time for me to invest in some of these wireless security vendors.
Hopefully I’m just interpreting the new requirements incorrectly.