The old standard didn't even mention the word virtualization, which left a lot of confusion. PCI DSS 2.0 attempts to clarify that, specifically stating that virtual machines (VMs) can handle credit card data -- as long as each VM is used for a single purpose and keeps such data separate from the rest of the IT infrastructure. There isn't much detail on virtualization, however, and some admins say PCI DSS 2.0 is too vague or even contradictory in parts.
You must have Adobe Flash Player 7 or above to view this content.See http://www.adobe.com/products/flashplayer to download now.
Download for later:
PCI DSS 2.0 addresses virtualization
• Internet Explorer: Right Click > Save Target As
• Firefox: Right Click > Save Link As
This was first published in November 2010