How is Blackbaud NetCommunity impacted by PCI 3.1 and TLS 1.2 requirements?

In April 2015, Payment Card Industry Data Security Standard (PCI DSS) 3.1 was released and addresses security concerns with all SSL and early TLS cryptography. PCI 3.1 defines these levels of cryptography as weak and mandates a transition to TLS 1.2 by June 2018.

How does this mandate impact Blackbaud NetCommunity?
The impact and any subsequent actions necessary are dependent upon your hosting situation for Blackbaud NetCommunity.

If you are hosted by Blackbaud:

In October 2014, Blackbaud disabled SSL 3.0 for all hosted Blackbaud NetCommunity clients. PCI 3.1 states that TLS 1.0 can remain enabled as long as a mitigation plan is in place to disable the protocol by June 30, 2018. While TLS 1.0 is currently enabled on our servers, Blackbaud maintains a mitigation plan to disable TLS 1.0 by the cutoff date. 

If you receive a failed PCI compliance scan for your hosted Blackbaud NetCommunity website during this time, please chat with support and provide a full copy of the PCI scan. Blackbaud will work directly with the scanning service to provide our mitigation plan and certify the scan as a false positive. 

If you are not hosted by Blackbaud:

System administrators should work directly with their security team to confirm the correct way to address the requirements of PCI 3.1. In order to enable and utilize TLS 1.2, you will need to be on at least version 7.1 SP2 of Blackbaud NetCommunity and your Blackbaud NetCommunity web server will need Microsoft .NET Framework 4.5.2 installed.
Note: if your organization also uses Education Edge, you will need to leave TLS 1.0 enabled until upgrading to SP3 of BBNC.

.NET Framework 4.5.2 is compatible with Windows Server 2012, which is the recommended server for Blackbaud NetCommunity. For a full list of supported servers and the minimum configuration, see our system requirements guide. 

If you are still using Windows Server 2003, please see our considerations for Windows Server 2003 and Blackbaud NetCommunity along with the current necessary protocol and cipher configuration for Windows Server 2003 with Blackbaud hosted services.
Warning: By disabling certain protocol and cipher suite combinations, your connection to Blackbaud hosted services, such as Email (BBNC) Services and Payment Services, could be impacted. Your connection to these services can be tested by navigating to your website's testconfig page and checking the BBNC Service and BBPS WS lines towards the bottom of the page. 
Note:
If NetCommunity is on version 7.0 and below, review [netcommunityURL]/testconfig.aspx. 
If NetCommunity is on version 7.1 and above, refer to Knowledgebase

If Blackbaud NetCommunity is hosted by Blackbaud and your organization hosts The Raiser's Edge Web Services server (REWS):

System administrators should work directly with their security team to confirm the correct way to address the requirements of PCI 3.1 for the REWS. The same considerations for the Blackbaud NetCommunity version and the Microsoft .NET  Framework 4.5.2 as described above apply when attempting to enable TLS 1.2 on REWS. 

If you are still using Windows Server 2003 for REWS, the same considerations apply as described above for
Windows Server 2003 and Blackbaud NetCommunity.
Warning: By disabling certain protocol and cipher suite combinations, your REWS connection to your hosted Blackbaud NetCommunity website could be impacted.  Your REWS connection to Blackbaud NetCommunity can be tested by navigating to your website's testconfig page and checking the RE7 WS lines towards the top of the page.
Note:
If NetCommunity is on version 7.0 and below, review [netcommunityURL]/testconfig.aspx. 
If NetCommunity is on version 7.1 and above, refer to Knowledgebase
Note: Throughout this article, we have provided links to third-party websites. We provide links to third-party websites in an effort to help you resolve your issue. We are not responsible for the information on third-party websites, and we cannot assist in implementing the solutions on these websites.

For more information on TLS requirements: www.blackbaud.com/tls

 
Mitigation Document.docx

Environment

 Blackbaud NetCommunity

Was this article helpful?


Thanks for your feedback! Did this solve your issue?

Comments (optional):


Thanks for your feedback!
We're glad it was helpful but sorry it didn’t solve your issue. If you need assistance, click Chat with Support below.
We’re sorry to hear that. Please tell us why.

 I don't like how this works.

 The answer is confusing.

 The answer didn't match what I was searching for.

Additional Comments (optional):


Thanks for your feedback! If you need assistance, click Chat with Support below.
Thanks for your feedback. Help us make our products even better by sharing details in our Idea Banks or our online Community.
Thanks for letting us know. We'll work on clarifying the information in the article. If you need assistance, click Chat with Support below.
Thanks for letting us know. We'll work on updating the search engine to return more relevant results.