Banking
TLS inventory your examiners expect
Map external-facing crypto across APIs, portals, and email. Quantify HNDL on long-lived financial data with signed evidence.
Why banking
Board and regulator attention is here
- PCI-DSS 4.0 emphasizes crypto agility and inventory.
- Financial data shelf-life drives high HNDL exposure.
- No central inventory across TLS, JWKS, SSH, and email STARTTLS.
Frameworks
What auditors map to
PCI-DSS 4.0
Crypto agility and inventory expectations
NIST CSF
Risk governance and emerging threat programs
NIST IR 8547 / CNSA 2.0
Migration timeline alignment
Value
From spreadsheet to system of record
Spreadsheet inventory misses keys
Full scan: TLS, JWKS, SSH, email STARTTLS
HNDL on long-lived financial data
Mosca timeline quantifies exposure
PCI/exam evidence
Framework-mapped signed reports + /verify
One scan is not enough
Monitor tier catches crypto drift
Demo flow
What to show a CISO
- 1. bank-tls-inventory scenario scan
- 2. Mosca HNDL on financial data shelf-life
- 3. PCI-DSS 4.0 mapping in compliance pack
- 4. Signed PDF → /verify for assessor
Start with a bank TLS assessment
Run the pre-loaded scenario or request a pilot for your production domains.