Preparing an RFI for Virtualization and the PCI Data Security Standard

Preparing an RFI for Virtualization and the PCI Data Security Standard

Cover

Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines for securing cardholder data are specified in the Payment Card Industry (PCI) Data Security Standard (DSS) version 2.0. This international standard is maintained by the PCI Security Standards Council, whose founding members include American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The card brands have incorporated PCI DSS as part of the technical requirements for each of their data security programs. Organizations subject to PCI DSS must deploy appropriate technical controls and processes to ensure security of cardholder data and verify compliance with the standard.

Virtualization technology can help organizations simplify compliance with PCI DSS with scope reduction. It entails segmenting the cardholder data environment from an entity’s other information systems. To help evaluate virtualization solutions for PCI DSS compliance, HyTrust recommends that your organization solicit vendor product and/or service-related input with a formal Request for Information. The RFI invites responses to questions for each Requirement of the PCI DSS with a focus on addressing security issues with virtualization. The suggested format in this paper includes relevant RFI templates that may be copied or adapted to particular requirements of your organization.

Continue reading to learn more about preparing an RFI for virtualization and the PCI Data Security Standard.

Vendor:
HyTrust
Posted:
22 Mar 2011
Published
22 Mar 2011
Format:
PDF
Length:
13 Page(s)
Type:
White Paper
Language:
English
Already a Bitpipe member? Login here

Download this White Paper!

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy