PCI DSS Scoping and Virtualization White Paper
Las Vegas, NV - (September 26th, 2013) – Catbird®, the pioneer in security and compliance for software-defined data centers, and VigiTrust®, compliance readiness and validation experts, today announced the publication of a joint white paper entitled “PCI and Virtual Asset Management”. This paper will be made available at this week’s PCI DSS community meeting in Las Vegas and is downloadable at http://info.catbird.com/pci-compliance-and-virtual-asset-management.
The latest PCI standard, PCI DSS v3.0, is being unveiled at this week’s meeting. This version will focus on continuous compliance and user awareness. Catbird and VigiTrust’s joint white paper will address these topics, as well as issues confronting enterprises challenged to define their applicable PCI scope as their cardholder data environment (CDE) keeps evolving. This paper also covers how the standard is validated and how to reduce scope by ring-fencing assets used to transmit, store or process cardholder data.
“PCI compliance is a winnable challenge in virtualized environments,” said Randal Asay, Chief Technology Officer of Catbird and white paper co-author. “Knowing how to pinpoint virtual assets in a CDE is vital to reducing PCI DSS scope and making the compliance process simpler, more cost effective and easier to maintain.”
“The architectural changes in a software-defined data center vis-à-vis PCI can be easily dealt with in a structured way, as long as PCI-regulated entities have been educated on the compliance process, how to reduce scope and minimize threats to the residual CDE,” agreed Mathieu Gorge, CEO and founder of VigiTrust. “That is exactly what this white paper is meant to address.”
Both Asay and Gorge, who co-authored the white paper launched at the PCI Community meeting, strongly believe that too many organizations underestimate the challenge of virtual security within a PCI scope when they first encounter the issue.
“PCI does provide guidance on scope reduction, but rarely focused on proactively managing virtual assets,” continued Gorge. “This is where education comes in and plays a vital role.”
“During an official assessment, QSAs will ask for an asset inventory. If the organization wants to pass its audit, it needs to be able to include virtual assets in that inventory, and demonstrate that they are managed on an ongoing basis, not just once a year at the time of the assessment. This white paper is a roadmap to help guide this process and pass an audit,” added Asay.
The white paper is available both from Catbird (booth 414) and VigiTrust at the PCI Community meeting and on both organizations’ websites (http://info.catbird.com/pci-compliance-and-virtual-asset-management and http://www.vigitrust.com).
Catbird is the industry leader in software-defined security - comprehensive security and compliance for virtualized, cloud and physical environments. Catbird is a winner of four Best of Show Finalist Awards at VMworld 2010, 2009 and 2008, CRN’s 2013 Virtualization 50 and SC Magazine’s “Innovator of the Year” for virtualization security. Via Catbird vSecurity, Catbird is the only company delivering best-practice software-defined security and compliance for the new data center. As companies migrate mainstream servers and desktops to virtual environments, uncertainty over security and compliance can impact deployment plans. Catbird’s protection eliminates these worries and keeps virtualization plans on track.
VigiTrust helps its international blue chip clients achieve and maintain compliance with legal and industry data security & governance mandates. Thanks to its cloud-based eLearning programs, security compliance portals and GRC services, clients in the financial services, healthcare, higher education, retail & government sectors proactively ensure they protect credit card data, personal data/PII as well as PHI. VigiTrust’s cloud solutions and services are based on the 5 Pillars of Security Framework™.
Media Contact: Tamar Newberger CMO
Tony Keller SS|PR