Don’t get caught out of compliance – upgrade your UC now.

TLS Compliance Requirements and Cisco Unified Communications

Compliance requirements for many industries necessitate ensuring the use of TLS (Transport Layer Security) 1.1 or higher; many mandating this change to be in place by June of 2018.

Cisco has addressed this requirement with the release of Cisco Unified Communications Manager v11.5(1)SU3 and its successors.  With Cisco UC 11.5(1)SU3 or higher you obtain the ability to disable TLS 1.0, ensuring that your system can only use TLV v1.1 or v1.2 for compliance.

What happens on 30 June 2018?

June, 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data and HIPAA requirements for email security.

What is the risk?

Even a system that supports the recommended TLS 1.2 encryption can be at risk.  When such a system talks with other systems that also support TLS 1.2 they both will negotiate to TLS 1.2.  If the system also supports TLS 1.1 or TLS 1.0, a man in the middle attack can connect using the less secure protocols.  The key point here is that you need to disable the TLS 1.0 and 1.1 in addition to preferring TLS 1.2.

Summary table of the most common Cisco Collaboration products and software.

An excerpt from a PCI Security Standards Council publication:

“Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commerce partners or customers who haven’t yet started the migration away from SSL/early TLS to a more secure encryption protocol? Read on for key questions and answers that can help with saying goodbye to SSL/early TLS and reducing the risk of being breached. “

Cisco 8800 endpoints
PCI Table

More information and documentation visit the PCI Document Library:

Start thinking about upgrading now. SMP can help with this upgrade, and ensure you are within compliance mandates related to TLS encryption before the deadline.