SP10 Release - A Focus on Security for BBIS


Security continues to be a focus for our Blackbaud Internet Solutions (BBIS) product. Read more about changes coming in SP10 to keep your constituent, user and credit card information safe.

As part of our normal product improvement processes, we review our security measures, protocols, and infrastructure on an ongoing basis. Every release is tested and we strive to certify our products with the current payment industry standards for PCI-DSS and PA-DSS.
 
Blackbaud Internet Solutions (BBIS) is now being audited and certified separately from CRM. BBIS will comply with Payment Application Data Security Standard (PA-DSS) version 3.2, released by the PCI Security Standards Council in June 2016, through changes made in the 4.0 SP10 release as well as a future SP10 hotfix. The certified BBIS release version for PA-DSS 3.2 will be an SP10 hotfix that will be released by November 30th.

More information about PA-DSS v3.2 is available in a press release from the PCI Security Standards Council: https://www.pcisecuritystandards.org/pdfs/PA_DSS_3.2_Press_Release.pdf
 
As a result of this recent update to the PA-DSS standards, we have made some changes in SP10:
  • Site-wide secure pages (via HTTPS) are now required. HTTPS-only is fast becoming an industry standard protocol. Your BBIS transactional pages (those pages that take donations or event registrations, or anything that requires a payment or transfers personal information) have always been secure. An option to serve all of your BBIS pages over HTTPS has always been available to you via an administrative configuration setting in BBIS. We recommend that you enable site-wide secure pages as soon as possible in a test environment, so that you can review and plan for any adjustments needed to your BBIS website. SP10 will permanently enable site-wide secure pages (over HTTPS). This means that all BBIS pages will now be rendered only over HTTPS. See the full FAQs on how this may affect your websites.
 
  • We have also changed the way BBIS encrypts and stores passwords. This change will be transparent to most organizations using BBIS. However, any third-party integrations that use Single Sign-On for authentication might be affected. You will need to engage those third parties to review the changes required by PA-DSS v3.2 and determine how they might affect integration with BBIS. We recommend some extra testing of this area prior to applying SP10 to your production environment.

Samantha McGuin
Senior Product Manager
Blackbaud

 
