Security News > 2021 > December > PCI SSC updates its device security standard for HSMs
The PCI SSC published the latest version of its device security standard for Hardware Security Modules.
The PCI PIN Transaction Security Hardware Security Module Modular Security Requirements Version 4.0 ensures that HSM devices provide the strongest protection for critical data elements used in card verification, PIN processing, chip transaction processing, payment card personalization, secure cryptographic key loading, remote HSM administration and other payment authentication activities.
PCI PTS HSM Security Requirements v4.0 includes the addition of a new evaluation module and approval class for evaluating cloud-based HSMs that are used as part of an HSM-as-a-service offering.
"The security of cryptographic devices is a critical part of protecting payment data," says Emma Sutcliffe, SVP, Standards Officer at PCI SSC. "The latest evolution of the PCI PTS HSM Security Requirements reflects the payment industry's need for flexible payment security solutions."
Vendors can begin using PCI PTS HSM Requirements v4.0 now for payment device evaluations.
Refer to the PCI PTS Device Testing and Approval Program Guide for detailed information regarding the transition period.