Connect and collaborate with fellow Blackbaud users.
We have failed our latest Security Metrics PCI Compliance scan. The message we received states:
TLS 1.0 Protocol Detection:
This is a new vulnerability that was recently added to our scanners and is regarding the use of TLS 1.0. This protocol (TLS 1.0) will no longer be considered PCI compliant after June 30, 2018. To resolve this isue you will either need to ask your Web-Host to either disable TLS 1.0 on the site or have them provide you with a Risk Mitigation and Assessment plan so we can dispute the issue as a False Positive. The Risk Mitigation Plan is just an explanation about why TLS is enabled and how they plan on getting it disabled before the deadline.
Does this mean our site is not PCI compliant?