WAKEFIELD, Mass. — The PCI Security Standards Council (PCI SSC), which manages the Payment Card Industry Data Security Standard (PCI DSS), announced the publication of guidance on the use of virtualization technology in cardholder data environments in accordance with PCI DSS.
Virtualization has become a popular means of reducing computing hardware requirements and costs in retail stores and headquarters. The PCI DSS Virtualization Guidelines Information Supplement helps merchants and others understand how PCI DSS applies to virtual environments. It includes an explanation of the classes of virtualization often seen in stores; practical methods and concepts for deployment of virtualization in payment card environments; and suggested controls and best practices for meeting PCI DSS requirements in virtual environments.
“This information supplement provides a more detailed view into the definitions and boundaries where PCI intersects with virtualization,” said Kurt Roemer, chief security strategist, Citrix Systems, and chair of the Virtualization Special Interest Group. “Now merchants can identify the range of questions to ask their providers and then determine the risk mitigation options available.”
