The PCI Council recently came out with an updated supplement to PCI DSS 2.0 for virtual environments. Apparently, much needed clarifications have been addressed in this new documents. Standards have to be read and re-read to understand what they exactly mean. Essentially, what it comes down to is that requirements to abide by PCI DSS for virtual environments is as stringent as they are for physical environments, especially for logging and monitoring. Sophisticated tools are lacking for virtual environments and the PCI council’s recommendation is that more details in logs are necessary from multiple components including hypervisors, management interfaces, virtual machines, host systems and virtual appliances.
Contact us at firstname.lastname@example.org for a 30-minute initial discovery call. Quickly determine your compliance status, and gain a better understanding of whether your retail environments are compliant.