The Payment Card Industry Data Security Standard (PCI DSS) 2.0 is hot off the presses, and the question everyone’s asking is, “Does it cover virtualization compliance?”
Well, kind of.
Two years in the making, PCI DSS 2.0 offers additional guidance and clarifies portions of the previous PCI DSS 1.2 standard. Virtualization compliance is mentioned, but only generally, and there are no specific virtualization security recommendations. In fact, the major change in version 2.0 is that the PCI Security Standards Council brought the virtualization layer into the scope of the standard, which governs organizations that handle credit card information.
Previously, virtualization was completely ignored, so the move is a step in the right direction. But without firm guidance on how to ensure virtualization compliance, the standard is still ineffective. And the council doesn’t plan to update PCI DSS 2.0 for another three years, so it will be quite a while before we get more detail about protecting credit card information in virtual infrastructures.
Read the full article at searchvmware.com…