Although PCI (Payment Card Industry) security standards do not apply to the FMAudit applications given that they do not store, process, or transmit cardholder data, some recommendations in PCI DSS v3.2 regarding HTTPS/SSL/TLS protocols may indirectly affect any application that communicates across the internet.
How might FMAudit potentially be affected?
System administrators may have disabled the SSL 3.0 and TLS 1.0 communication protocols on the server that hosts FMAudit Central, the PC where FMAudit Onsite is installed, or both, leaving only TLS 1.1 or TLS 1.2 protocols enabled.
FMAudit Onsite was built on Microsoft .NET Framework 2.0, which originally did not support TLS 1.1 and TLS 1.2 because these protocols were released after it was created.
Onsite v3.7.4 (included in this release) or newer supports TLS 1.1 and 1.2 if the latest Windows Updates and some OS-specific Hotfixes are installed.
TLS 1.1 and TLS 1.2 are not available for Windows XP, Server 2003, Vista and Server 2008, so if TLS 1.0 is disabled on the Central server then these systems will not be able to communicate with Central.
For a complete guide on how to address TLS issues, please view the FMAudit TLS Security Guide.