Catbird PCI DSS 3.0 Control Mapping for VMware Environments

Catbird Enhances Enterprise Security and Audit Preparedness With Its Product Applicability Guide Issued by Leading QSA Firm, Coalfire

SCOTTS VALLEY, Calif., Oct. 7, 2014 – Catbird® announced today the release of its PCI DSS 3.0 VMware Product Applicability Guide. Audit partner Coalfire® was enlisted to map Catbird controls to the VMware Compliance Reference Architecture Framework as it applies to Payment Card Industry (PCI) Data Security Standards (DSS) version 3.0. The new standards went into effect in 2014 and customers are required to comply with PCI 3.0 by January 1, 2015. Visit to download the complete report.

CISOs and Information Security Managers seeking tools to fill the gap in their PCI compliance strategy for virtual network environments can find detailed information about the applicability of Catbird in this document. Traditional physical security components that are usually deployed at the network edge make it difficult, if not impossible, to effectively monitor and control virtual components. It is incumbent on organizations using virtual technology in the cardholder data environment to ensure protection of that cardholder data.

  • Raising the bar for security in virtualized environments – Merchants, service providers, financial institutions and other entities that store, process or transmit payment cardholder data are required by card brands to comply with PCI DSS. The use of virtualization technology in private clouds is not exempt from these requirements, raising the bar for security in a virtualized Cardholder Data Environment (CDE).
  • Control Mapping by independent IT audit and compliance firm – Catbird enlisted audit partner Coalfire, a leading PCI DSS-approved qualified security assessor (QSA), to engage in a programmatic approach that evaluated Catbird’s product applicability for PCI DSS control capabilities within the VMware Compliance Reference Architecture Framework, then documented these capabilities in an applicability matrix.
  • Supporting DSS control requirements – Catbird includes a demonstrable means for enterprises to monitor, assess, and enforce key attributes of their information security program in context with pertinent PCI 2.0 and 3.0 standards. When properly deployed and configured, the Catbird solution either fully meets or augments 76 of the PCI DSS requirements including:
      • Asset discovery and logical zoning
      • Firewall management and dynamic firewall control updates
      • Automated, real-time visualization of Netflow
      • Continuous monitoring and protection of CDE

Edmundo Costa, CEO, Catbird, said: “PCI compliance begins with security. Catbird’s unique solution was engineered to automate seamless, comprehensive network security while measuring PCI DSS compliance for organizations with virtual environments. Catbird can dramatically reduce the costs of ongoing PCI audits as our customers seek to reduce their overall IT budgets while maximizing data center protections.”

Noah Weisberger, director – cloud and virtualization practice, Coalfire, said: “We are pleased to have been instrumental in helping VMware partners such as Catbird to align with PCI DSS 3.0 requirements and provide guidance as to how they can meet, support and facilitate compliant infrastructure and processes. It is essential that enterprises remain compliant with all applicable requirements, and we are dedicated to working with our partners to provide guidance to help meet those objectives.”

About Catbird

Catbird, the leader in security policy automation and enforcement for private clouds and virtual infrastructure, brings the power, agility and automation of the cloud to security policy and compliance, with a solution that automates, instruments and enforces policy while providing proof of continuous compliance. Customers rely on Catbird for managing cloud and virtualized infrastructure subject to compliance requirements including HIPAA, PCI-DSS, FISMA and SOX. For more information please visit