PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July/August 2011

PCI virtualization guidance warns of compliance challenges

The PCI Security Standards Council is warning merchants about the complexities of protecting credit card data running in virtualized systems and cautioning that some configurations may make it nearly impossible for organizations to achieve compliance.  The PCI DSS Virtualization Guidelines Information Supplement (.pdf), issued in June, has long been awaited by merchants, qualified security assessors (QSAs) and other security experts.  In addition to providing information on virtualized systems located within the network, the document addresses merchants using cloud computing services for payment transactions. While the PCI virtualization document could help reduce the ambiguity in how QSAs assess virtualized environments, the report may be too broad, says Diana Kelley, a partner with Amherst, N.H.-based consulting firm SecurityCurve.   “There's a lot of useful information here and it's a step towards better information on how to protect cardholder data in a virtualized environment,” Kelley says.  “Given the scope of this ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue