- Mar 22, 2011
- Mar 22, 2011
- 13 Page(s)
- White Paper
Sponsored by: HyTrust
Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines for securing cardholder data are specified in the Payment Card Industry (PCI) Data Security Standard (DSS) version 2.0. This international standard is maintained by the PCI Security Standards Council, whose founding members include American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The card brands have incorporated PCI DSS as part of the technical requirements for each of their data security programs. Organizations subject to PCI DSS must deploy appropriate technical controls and processes to ensure security of cardholder data and verify compliance with the standard.
Virtualization technology can help organizations simplify compliance with PCI DSS with scope reduction. It entails segmenting the cardholder data environment from an entity’s other information systems. To help evaluate virtualization solutions for PCI DSS compliance, HyTrust recommends that your organization solicit vendor product and/or service-related input with a formal Request for Information. The RFI invites responses to questions for each Requirement of the PCI DSS with a focus on addressing security issues with virtualization. The suggested format in this paper includes relevant RFI templates that may be copied or adapted to particular requirements of your organization.
Continue reading to learn more about preparing an RFI for virtualization and the PCI Data Security Standard.