The new Payment Card Industry Data Security Standard is out, and it finally attempts to address regulatory compliance in virtual infrastructures. But there are still questions about the details of PCI DSS 2.0
The old standard didn't even mention the word virtualization, which left a lot of confusion. PCI DSS 2.0 attempts to clarify that, specifically stating that virtual machines (VMs) can handle credit card data -- as long as each VM is used for a single purpose and keeps such data separate from the rest of the IT infrastructure. There isn't much detail on virtualization, however, and some admins say PCI DSS 2.0 is too vague or even contradictory in parts.
You must have Adobe Flash Player 7 or above to view this content.See http://www.adobe.com/products/flashplayer to download now.
Download for later:
PCI DSS 2.0 addresses virtualization
• Internet Explorer: Right Click > Save Target As
• Firefox: Right Click > Save Link As