Premium Content

Access "PCI virtualization guidance warns of compliance challenges"

Robert Westervelt Published: 18 Oct 2012

The PCI Security Standards Council is warning merchants about the complexities of protecting credit card data running in virtualized systems and cautioning that some configurations may make it nearly impossible for organizations to achieve compliance.  The PCI DSS Virtualization Guidelines Information Supplement (.pdf), issued in June, has long been awaited by merchants, qualified security assessors (QSAs) and other security experts.  In addition to providing information on virtualized systems located within the network, the document addresses merchants using cloud computing services for payment transactions. While the PCI virtualization document could help reduce the ambiguity in how QSAs assess virtualized environments, the report may be too broad, says Diana Kelley, a partner with Amherst, N.H.-based consulting firm SecurityCurve.   “There's a lot of useful information here and it's a step towards better information on how to protect cardholder data in a virtualized environment,” Kelley says.  “Given the scope of this document being both virtualization ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside


More Premium Content Accessible For Free