Virtualization segmentation in ESXi for PCI compliance

Tags: PCI compliance, Virtualization, VMware ESXi
As of right now, my organization is PCI DSS compliant, but we learned that it's a big no-no if we try to mix in-scope and out-of-scope systems. We also saw that PCI leaders said this regarding scopes in a virtual environment:
The level of segmentation required for in-scope and out-of-scope systems on the same host must be equivalent to a level of isolation achievable in the physical world; that is, segmentation must ensure that out-of-scope workloads or components cannot be used to access an in-scope component. Unlike separate physical systems, network-based segmentation alone cannot isolate in-scope from out-of-scope components in a virtual environment.
So here's the big question: Can we segment VMs that are running on ESXi so the segmentation satisfies that statement? Thanks!