
PCI Requirement 2.3 – Encryption
Administrative Access and Strong Encryption PCI Requirement 2.3 calls out the need to encrypt all non-console administrative access using strong cryptography. If your organization does not meet PCI Requirement 2.3, a malicious user could eavesdrop on your network’s traffic and gain sensitive administrative or operational information. Your organization does not have to encrypt all types of access, just administrative access. So, what does “administrative access” mean? If a…



