{"id":1533,"date":"2011-06-15T00:00:00","date_gmt":"2011-06-15T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-compliance-and-virtualization-new-recommendations\/"},"modified":"2011-06-15T00:00:00","modified_gmt":"2011-06-15T00:00:00","slug":"pci-compliance-and-virtualization-new-recommendations","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/","title":{"rendered":"PCI Compliance and Virtualization: New Recommendations"},"content":{"rendered":"<p>A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance within a virtual data hosting environment, including cloud computing. While the latest version of the PCI standard was updated in October 2010, the guidelines refer mainly to physical hosting environments.<\/p>\n<p>The council emphasizes that there is no one-size-fits-all method or solution to configure virtualized environments to meet PCI DSS requirements, and that different configurations must be customized depending on environment, use and implementation.<\/p>\n<p>The guidelines also detail possible risks for hosting within a virtual environment, including the increased complexity of virtualized systems and networks. Other risks include possible immaturity of monitoring solutions and information leakage between virtual network segments and components, thus increasing the need to host with an experienced <a href=\"https:\/\/onlinetech.com\/secure-hosting\/pci-compliant-hosting\">PCI compliant hosting<\/a> provider that is able to assess and eliminate all potential risks.<\/p>\n<p>The PCI SSC outlines virtualization considerations for each of the already-standardized 12 PCI DSS requirements. For example, the first requirement refers to installing and maintaining a firewall configuration to protect cardholder data. Virtualization considerations include examining multiple virtual layers, including virtual firewalls and routers potentially embedded within a hypervisor, as well as possible virtual network connections existing within a host, between hosts, and so on.<\/p>\n<p>The new guidelines also address PCI compliance and types of <a href=\"https:\/\/onlinetech.com\/cloud-computing-hosting\">cloud computing<\/a> that are rising in popularity and quickly evolving, including public, private and hybrid cloud computing. The council warns that public cloud environments are designed to be public-facing, to allow access into the environment from anywhere on the Internet, as a potential reason for inherent risk. However, this is unlike <a href=\"https:\/\/onlinetech.com\/cloud-computing-hosting\/private-cloud-hosting-packages\">private cloud hosting<\/a> which consists only of system components that are trusted and controlled by the organization, and not shared with any other customer.<\/p>\n<p>The latest <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/Rth87Wp\/Virtualization_InfoSupp_v2.pdf\">PCI DSS Virtualization Guidelines<\/a> can be downloaded from the PCI Security Standards Council\u2019s website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance within a virtual data hosting environment, including cloud computing. While the latest version of the PCI standard was updated in October 2010, the guidelines refer mainly to physical hosting environments. The council emphasizes that there is no one-size-fits-all method or solution to configure virtualized environments to meet PCI DSS requirements, and that different configurations must be customized depending on environment, use and implementation. The guidelines also detail possible risks for hosting within a virtual environment, including the increased complexity of virtualized systems and networks. Other risks include possible immaturity of monitoring solutions and information leakage between virtual network segments and components, thus increasing the need to host with an experienced PCI compliant hosting provider that is able to assess and eliminate all potential risks. The PCI SSC outlines virtualization considerations for each of the already-standardized 12 PCI DSS requirements. For example, the first requirement refers to installing and maintaining a firewall configuration to protect cardholder data. Virtualization considerations include examining multiple virtual layers, including virtual firewalls and routers potentially embedded within a hypervisor, as well as possible&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1533","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>PCI Compliance and Virtualization: New Recommendations | OTAVA<\/title>\n<meta name=\"description\" content=\"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PCI Compliance and Virtualization: New Recommendations\" \/>\n<meta property=\"og:description\" content=\"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-15T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"PCI Compliance and Virtualization: New Recommendations\",\"datePublished\":\"2011-06-15T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\"},\"wordCount\":318,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\",\"url\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\",\"name\":\"PCI Compliance and Virtualization: New Recommendations | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2011-06-15T00:00:00+00:00\",\"description\":\"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PCI Compliance and Virtualization: New Recommendations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PCI Compliance and Virtualization: New Recommendations | OTAVA","description":"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/","og_locale":"en_US","og_type":"article","og_title":"PCI Compliance and Virtualization: New Recommendations","og_description":"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.","og_url":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/","og_site_name":"OTAVA","article_published_time":"2011-06-15T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"PCI Compliance and Virtualization: New Recommendations","datePublished":"2011-06-15T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/"},"wordCount":318,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/","url":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/","name":"PCI Compliance and Virtualization: New Recommendations | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2011-06-15T00:00:00+00:00","description":"A new set of guidelines and recommendations have been released by the Payment Card Industry Security Standards Council (PCI SSC) regarding PCI compliance.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/pci-compliance-and-virtualization-new-recommendations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"PCI Compliance and Virtualization: New Recommendations"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1533"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1533\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1533"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}