u/bailey_phil

PCI DSS V4.0 Encryption Requirement

Afternoon All,

Was wondering if somebody could just sanity check my thoughts please, if you don't mind. So we are a SAQ D service provider that doesn't process any payments at all but holds CDE data on our file server for a short period of time.

When Version 4.0 came into effect we purchased a very expensive full disk encryption solution. We have been far from impressed with the company, who we had to use at the time due to limited solutions on the market.

We would like to start looking around for other solutions/companies that provide this service; however, looking around and reading this reddit, not many people seem to be mentioning 3.5.1 as a major issue, or talking about solutions/companies that provide this solution.

I'm starting to wonder if I'm missing something, or not really understanding the requirement correctly?

My perspective was always that data had to be consistently encrypted if it's at rest or in use, and only decrypted when a user opens and is accessing the file/data, then re-encrypted when it is closed.

Any input/thoughts/explanation on this would be really, really appreciated.

Many Thanks

u/bailey_phil — 4 days ago