https://community.isc2.org/t5/Industry-News/PCI-DSS-12-3-3/m-p/74976#M7288 <P>&nbsp;</P><DIV class=""><DIV class=""><P><A href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1342468679" target="_blank" rel="noopener">@Gerardojr83</A>&nbsp;&nbsp;&nbsp; Given there is a multitude of tools for Quantum Safe, here are some suggestions:</P><P>&nbsp;</P><P><A href="https://www.ibm.com/quantum/blog/crypto-agility" target="_blank" rel="nofollow noopener noreferrer">https://www.ibm.com/quantum/blog/crypto-agility</A></P><P>&nbsp;</P><P><A href="https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM" target="_blank" rel="nofollow noopener noreferrer">https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM</A></P><P>&nbsp;</P><P><A href="https://owasp.org/www-project-cyclonedx/" target="_blank" rel="nofollow noopener noreferrer">https://owasp.org/www-project-cyclonedx/</A></P><P>&nbsp;</P><P>There are many others available.</P><P>&nbsp;</P><P>These generally allow you to create a Cryptographic Bill of Materials or CBOM.</P><P>&nbsp;</P><P>Other tools such as Kali, Nessus etc, but obvious get permission before you use such tools on organisations networks etc.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P></DIV></DIV><DIV class="">&nbsp;</DIV> Tue, 05 Nov 2024 20:33:43 GMT Caute_cautim 2024-11-05T20:33:43Z https://community.isc2.org/t5/Industry-News/PCI-DSS-12-3-3/m-p/74938#M7287 <P>I'm having trouble finding a good solution that would be needed for one of the new PCI 4.0 controls:</P><P>12.3.3 Cryptographic cipher suites and protocols in use<BR />are documented and reviewed.</P><P>What is a good tool to scan for cryptographic ciphers and protocols within an environment? I believe NMAP (Zenmap for Windows) could work but the test scans I've performed do not give accurate results as I can see vulnerability scanning tools pick up other ciphers and protocols that NMAP does not. '</P><P>&nbsp;</P><P>Any help or advice is much appreciated.&nbsp;</P> Mon, 04 Nov 2024 21:10:57 GMT https://community.isc2.org/t5/Industry-News/PCI-DSS-12-3-3/m-p/74938#M7287 Gerardojr83 2024-11-04T21:10:57Z https://community.isc2.org/t5/Industry-News/PCI-DSS-12-3-3/m-p/74976#M7288 <P>&nbsp;</P><DIV class=""><DIV class=""><P><A href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1342468679" target="_blank" rel="noopener">@Gerardojr83</A>&nbsp;&nbsp;&nbsp; Given there is a multitude of tools for Quantum Safe, here are some suggestions:</P><P>&nbsp;</P><P><A href="https://www.ibm.com/quantum/blog/crypto-agility" target="_blank" rel="nofollow noopener noreferrer">https://www.ibm.com/quantum/blog/crypto-agility</A></P><P>&nbsp;</P><P><A href="https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM" target="_blank" rel="nofollow noopener noreferrer">https://owasp.org/blog/2023/10/03/CycloneDX-Cryptography-CBOM</A></P><P>&nbsp;</P><P><A href="https://owasp.org/www-project-cyclonedx/" target="_blank" rel="nofollow noopener noreferrer">https://owasp.org/www-project-cyclonedx/</A></P><P>&nbsp;</P><P>There are many others available.</P><P>&nbsp;</P><P>These generally allow you to create a Cryptographic Bill of Materials or CBOM.</P><P>&nbsp;</P><P>Other tools such as Kali, Nessus etc, but obvious get permission before you use such tools on organisations networks etc.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P></DIV></DIV><DIV class="">&nbsp;</DIV> Tue, 05 Nov 2024 20:33:43 GMT https://community.isc2.org/t5/Industry-News/PCI-DSS-12-3-3/m-p/74976#M7288 Caute_cautim 2024-11-05T20:33:43Z