Virtualization separates applications, desktops, machines, networks, data and services from their physical constraints. Virtualization is an evolving concept, encompassing a broad range of technologies, tools, and methods, and can bring significant operational benefits to organizations that choose to leverage them. As with any evolving technology, however, the risks also continue to evolve and are often less understood than risks associated with more traditional technologies.
The intent of this Information Supplement is to provide guidance on the use of virtualization in accordance with the Payment Card Industry Data Security Standard (PCI DSS). For the purposes of this paper, all references are made to the PCI DSS version 2.0.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.