The PCI Security Standards Council issued a new guidance to help IT administrators deploy and manage cloud environments and virtual data centers while ensuring PCI compliance where necessary.
The PCI DSS Virtualization Guidelines Information Supplement, released June 14, covers a number of virtualization areas, including different types of virtualization, specific notes on cloud computing and how to ensure “mixed” virtual environments are compliant, Bob Russo, the general manager of the PCI Council, told eWEEK. The guidance does not contain new requirements or standards but is intended to be a primer on how to ensure virtual environments comply with the existing PCI-DSS 2.0 standard.
New guidance is always appreciated! The PDF includes five pages of risks specific to virtualized environments, ten pages of recommendations to deal with the risks, and two pages to help assessors assess the risks.
But why do you need all that when Cisco has a Solution In A Box?
At the same time, Cisco announced it will be releasing a Cisco PCI Solution for Retail Design and Implementation Guide at the end of the month to help enterprises and retail customers with an in-depth guide on how organizations can achieve PCI compliance. The document provide guidance for different types of “store footprints,” such as size of the retail organization and the type of services provided, Lindsay Parker, global retail industry director at Cisco, told eWEEK..
Oh, it’s a guide to solving your DSS problems with Cisco solutions.
Anton Chuvakin weighs in:
PCI DSS in the Cloud … By the Council
The long-awaited PCI Council guidance on virtualization has been released [PDF]. Congrats to the Virtualization SIG for the mammoth effort! I rather liked the document, but let the virtualization crowd (and press!) analyze it ad infinitum – I’d concentrate elsewhere: on the cloud! This guidance does not focus on cloud computing, but contains more than a few mentions, all of them pretty generic.
Here are some of the highlights and my thoughts on them.