VMware

White Papers

How Virtualization Affects PCI DSS
This white paper series is a joint effort with Foundstone that takes a pragmatic look at the different components of virtualization technologies and provides a perspective on how enterprises that are looking to deploy such technologies should think about their impact on PCI compliance initiatives.

  • Part 1: Mapping PCI Requirements and Virtualization
    This paper maps the relevant PCI requirements and shows how they are impacted by virtualization.
  • Part 2: A Review of the Top 5 Issues
    This paper highlights what we believe to be the top five issues and concerns that PCI Qualified Security Assessors (QSAs) have about virtualization technology. For each of these we propose solutions that organizations can rely on to demonstrate compliance while deploying virtualization technology within their PCI environment.

Achieving Compliance in a Virtualized Environment
The goal of this paper is to present the unique considerations that virtualization raises for regulatory and standards compliance, and then prescriptively describe how to mitigate those risks.

Ten Steps to Continuous Compliance: Putting in Place an Enterprise-Wide Compliance Strategy
This paper discusses the challenges faced by today’s enterprise IT departments and outlines ten steps for successful compliance. You’ll learn what organizations like yours can do to protect information and comply with regulations, while enhancing business performance.

Accelerating PCI Compliance with Log Management
This white paper discusses the challenges organizations face in complying with PCI, and how effective LMI can simplify the compliance process while helping to improve enterprise security. It also provides suggestions for how to best prepare for a PCI audit and improve your chances of achieving ongoing compliance. Registration required.

Virtualization Security: A Coordinated Approach to Intrusion Detection and Prevention
Virtualization environments share many of the same security challenges faced by physical server environments. This paper explores the challenges of protecting, and the opportunities for improving the security of, virtualized environments. It outlines a Coordinated Approach for Intrusion Detection and Prevention which can be deployed today, and that is architected to take advantage of additional capabilities which virtualization vendors are adding to their platforms.

Reducing the Scope of Your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
This white paper discusses the methods and merits of traditional approaches to network segmentation as a means to reduce the scope of the PCI audit. It introduces host intrusion defense — which includes a software firewall — as an innovative solution that will help dramatically reduce the scope and cost of a PCI audit, thereby relieving some of the ‘PCI pain’.

Webinars and Podcasts

Virtualization: Security and Compliance Considerations
Join Dave Shackleford, Director of Configuresoft's Center for Policy and Compliance (CP&C), former CTO at the Center for Internet Security (CIS) and co-author of the CIS Benchmarks for VMware ESX, as he discusses the security and compliance challenges introduced by virtualization.

Establishing and Maintaining PCI Compliance
Dan Langin, Principal - Daniel J. Langin, Attorney at Law
PCI is a credit card industry standard, not a government regulation. However, companies that don’t comply with the standard face high fines, sanctions, and more. How does a merchant or member bank avoid such penalties and maintain a high compliance posture?

In this Tripwire podcast Dan Langin, Attorney at Law, discusses what PCI means for merchants, banks, and other companies that handle credit card information.

Insights from an Auditor: Ensuring a Successful PCI Audit
Uncover the nuts and bolts of PCI audits, and what your company can do to attain and maintain cost-effective compliance.

How Can You Prove Your Virtualized Environment is PCI Compliant?
Configuresoft has brought together a panel of experts who will provide specific guidance on how to demonstrate PCI DSS compliance on both virtual and physical platforms. Please join us for this exciting webinar with Charu Chaubal, Senior Architect with VMware, Dave Taylor, Research Director for the PCI Knowledge Base, and Dave Shackleford, Director of the Center for Policy and Compliance (CP&C).

Best Practices for Achieving PCI Compliance in a Virtual Environment
This podcast brings together a panel of experts including Dave Shackleford from Configuresoft, Charu Chaubal from VMware and Dave Taylor from the PCI Knowledge Base. Download this podcast and listen to the challenges and opportunities of virtualization and how to properly implement virtualization to ensure security and compliance with the PCI DSS version 1.2 standard.

Case studies

Olan Mills meets critical PCI requirements using Reflex Virtual Security Management Solution
Utilizing Reflex Security Virtual Management Solution on VMware Virtual Infrastructure 3, Olan Mills was able to create a cost-effective virtual computing environment and satisfy auditors that the new environment provides strong new protection to the company’s retail customers, enabling the virtual environment to meet critical PCI requirements.

Organizations

Standards