Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks
The use of strong cryptography provides greater assurance in preserving data confidentiality, integrity, and non-repudiation.
To protect against compromise, PAN must be encrypted during transmission over networks that are easily accessed by malicious individuals,
including untrusted and public networks. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols
continue to be targeted by malicious individuals aiming to exploit these vulnerabilities to gain privileged access to cardholder data environments
(CDE). Any transmissions of cardholder data over an entity’s internal network(s) will naturally bring that network into scope for PCI DSS since
that network stores, processes, or transmits cardholder data. Any such networks must be evaluated and assessed against applicable PCI DSS
requirements.
Requirement 4 applies to transmissions of PAN unless specifically called out in an individual requirement.
PAN transmissions can be protected by encrypting the data before it is transmitted, or by encrypting the session over which the data is
transmitted, or both. While it is not required that strong cryptography be applied at both the data level and the session level, it is recommended.
Go on to Requirement 5 - Malware.
Go back to Requirement 3 - Data Storage.