-
Oct 24, 2010
PA DSS requires vendors to ensure that the chain of trust is maintained for all installation and update files. These requirements are primarily laid out in 7.2.a and 7.2.b of the PA-DSS 1.2 document. What this means is that customers should be able to verify that the files they install or update are actually from you (authentication) and that they have not been modified (integrity).
Continue reading "Chain of trust for installation & update files" »
-
Sep 22, 2010
I get a lot of questions from clients going through PCI or PA DSS assessments about what encryption and key strengths to use. The requirements just say that strong encryption should be used without going into details on algorithms or key strengths. Most people have no clue on what can be used and what cannot.
Continue reading "Data encryption best practices for PCI" »
-
Sep 20, 2010
The next versions of both the PCI and PA DSS standards are going to be officially released on Oct 28, 2010. The new standards will take effect Jan 11, 2011.
Continue reading "Version 2 of PCI and PA DSS coming Oct 28, 2010" »

