Samuel,

You're completely correct that the requirements change in June, but for now the PCI Security Standards Council seems to consider 3DES to be "strong security." <https://www.pcisecuritystandards.org/pci_security/glossary#T> Given that June is only a few months away, security consultants are understandably interested in knowing more about the transition plan. Thus this thread.

First, for future readers: "[t]he PCI Attestation of Compliance for Google Cloud Platform is shared with customers under NDA." <https://cloud.google.com/security/compliance/pci-dss/> If you need more details, reach out to the sales team <https://cloud.google.com/contact/> to get the relevant documentation. You don't need a support contract for this.

Now to your question, I don't know (and given the NDA requirement probably couldn't share) what specific changes will be made ahead of the new requirements. If having those specifics is important, please reach out to the sales folks. If getting ahead of the requirements is important, then go ahead and file a ticket with technical support now.

Regards,
Jesse

On Wednesday, April 4, 2018 at 3:35:05 AM UTC-4, Samuel Melrose wrote:
>
> Thanks guys from Google Cloud Support.
>
> I have to ask though - we have 15+ custom domains across multiple
> different apps, all of which have to be PCI-DSS compliant.
>
> Are you saying the platform won't be compliant by default? (by having the
> weak cipher enabled and suggesting it has to be disabled manually per
> domain, plus by the end of June, TLSv1.2+ only will be a requirement).
>
> We chose App Engine for the out of the box PCI-DSS compliance, but this
> thread seems to be suggesting otherwise.. ??
>
> We do have Gold support so I will open this privately closer to the
> deadline, but for the benefit of others who may have the same issue, it
> would be great if we could get an answer here.
>
> On Tuesday, April 3, 2018 at 10:15:05 PM UTC+1, Fady (Google Cloud
> Platform) wrote:
>>
>> As to update this community thread, working with Nikolaus, and the
>> Engineering team we were able to disable the cipher (3DES) for his custom
>> domain.