common denial

PCI

As much as I try to keep security and compliance separate (because, as you know, security and compliance are two totally different things), there are exceptions. You also know that compliance can sometimes help with security. The number one standard where this is true is the Payment Card Industry Data Security Standard, also known as PCI DSS. Not only does this requirement focus on security (it even says so in its name: Data Security Standard), but they have also developed a supplemental document focused on virtualization: the PCI DSS Virtualization Guidelines. That is right, virtualization guidelines. Some of the items it covers for PCI DSS v2 are:

  • Separation of Duties
  • Dormant virtual machines
  • Immaturity of monitoring solutions
  • Defense in depth (when was the last time you saw a compliance control that mentioned defense in depth?)
  • Recommendations for cloud computing environments

and of course my personal favorite

  • Guidance for assessing risks in virtual environments

PCI DSS Virtualization Guidelines 2.0

