sponsored by HyTrust
Posted:  22 Mar 2011
Published:  22 Mar 2011
Format:  PDF
Length:  19  Page(s)
Type:  White Paper
Language:  English

The Payment Card Industry (PCI) Data Security Standard (DSS) defines a set of requirements to protect payment cardholder data and the environments in which cardholder data is stored, processed, or transmitted. These requirements apply to all “system components”, with a system component defined as any network component, server, or application that is included in or connected to the Cardholder Data Environment (CDE). The challenge with the DSS is that technology is constantly evolving, and security and audit capabilities are built in after the initial foundation has been established.

In particular, virtualized and cloud environments have some unique challenges, which include adequate segmentation, storage of cardholder data, access control, logging and alerting across all management activities, and use of the base platform layer (i.e. the hypervisor). PCI DSS Version 1.2.1 (the current effective standard) does not provide specific guidance to address the risks directly associated with virtual machines and cloud computing. It only empowers the PCI Qualified Security Assessors (QSAs) and vendors to work collaboratively to create a compliance approach to specific emerging technologies.

The DSS will evolve to address technology and threat innovations, but will likely remain vendor-agnostic. This document is provided to give merchants, service providers, and assessors a basic framework and a practical implementation for building a PCI-compliant cloud. This document will evolve as the DSS is updated, Special Interest Group (SIG) papers are published, and the PCI Security Standards Council Technical Working Group formally provides guidance on virtualization and cloud technologies.

Continue reading to learn more about how you can have a PCI-Compliant cloud reference architecture.
