|Applies To||RSA Product Set: Web Threat Detection|
RSA Product/Service Type: Mitigator
RSA Version/Condition: 4.6, 5.x, 6.0
|Issue||A customer may be concerned about the data security standards (data in motion and data at rest) that WTD currently uses and may want assurance that they comply with a modern industry standard such as PCI. |
Example of a customer requirement --
Based on the security document provided by RSA**, it appears Silvertail/WTD uses RSA for encryption, which is an acceptable algorithm; however, RC4 is no longer accepted based on the current Payment Card Industry (PCI) standards.
An approved encryption algorithm that RSA Silvertail/WTD can use would be AES; 128 bit is acceptable, but 256 bit would be much better.
** Last Data Access and Security document was published for Version 3.1 in 2012
|Resolution||Update from Engineering and Product Management in September 2016.|
After investigating the issue, Engineering has determined the current state of WTD (version 6.0 and affecting all versions)
To add support for stronger encryption, the client should have a choice of what to use.
Project Management believes that this commitment to a fix should provide PCI compliance going forward.