Re: PCI certification requirements.

jam · ‎10-08-2009

Have any of you been through PCI certification using Vmware infrastructure?

If so, did the auditors insist that ESX ran AV? The standard states that AV is require on all system components where appropriate, but the scope in not really defined.

Current the VMs all have AV, but not ESX, and I'd like to keep it that way if possible.

Were there any other issues regarding PCI certification with ESX?

NTurnbull · ‎10-08-2009

Haven't looked at it myself but did you see the VMware whitepapers on PCI Compliancy?

Thanks,

Neil

Thanks, Neil

jam · ‎10-08-2009

I've looked through them and mostly they talk about AV on VMs.

It does mention requiring AV on management partition on Windows or Unix, but does this apply to ESX?

I'm hoping someone who's been through an audit can give me a definte yes or no.

AsherN · ‎10-09-2009

Keyworrds are 'where appropriate'.

If your management network is on a different subnet, and all computers on that subnet have AV protection, then it is not appropriate.

Texiwill · ‎10-22-2009

Hello,

Moved to Virtualization Security forum.

PCI is working on the correct guidance for VMs now. So you may wish to check directly with PCI with respect to PCI compliant virtualization hosts/VMs. I am sure there will be a combination of items required. AV being the least concern.

Best regards,

Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

PCI certification requirements.