by dfc
5225 days ago
Are you sure? I think that you may be mistaken. The bar is just set higher in a "virtualized environment"...

"In a public cloud environment, additional controls must be implemented to compensate for the inherent risks and lack of visibility into the public cloud architecture. A public cloud environment could, for example, host hostile out-of-scope workloads on the same virtualization infrastructure as a cardholder data environment. More stringent preventive, detective, and corrective controls are required to offset the additional risk that a public cloud, or similar environment, could introduce to an entity’s CDE.

These challenges may make it impossible for some cloud-based services to operate in a PCI DSS compliant manner. Consequently, the burden for providing proof of PCI DSS compliance for a cloud-based service falls heavily on the cloud provider, and such proof should be accepted only based on rigorous evidence of adequate controls."

From: https://www.pcisecuritystandards.org/documents/Virtualizatio...

Amazon: http://aws.amazon.com/security/