VMware CP&C releases PCI DSS 3.0 Compliance toolkit for Virtual Environments in VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of the Payment Card Industry Data Security Standard (PCI DSS) 3.0 Compliance toolkit for Virtual Environments in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

PCI DSS 3.0 comes into effect on January 1, 2014. We churned it out pretty quickly and now have the PCI DSS 3.0 compliance toolkits available for the following VMware vSphere based virtual environments:

VMware vSphere 5.0
VMware vSphere 5.1
VMware vSphere 5.5

The toolkit contains various PCI DSS 3.0 compliance rules, grouped by virtual object in the form of rule groups and templates:

VMware vSphere Hypervisor (Virtual Environment based)
VMware vSphere vCenter Server (Virtual Environment as well as Windows based)
VMware vSphere Guests (Virtual Environment based)
VMware vSphere Network (Virtual Environment based)
VMware vSphere SSO (Windows based)
VMware vSphere Web client (Windows based)

You can download the packages using the Compliance Content Wizard tool in VCM or from VMware Solution Exchange and begin to use them.

Below is a quick summary of the release and a walk-through of the compliance process using VCM:

Step 1 – Collect just the required data from the virtual objects using granular collection filters

One-Click Collection Filter Set to collect all data needed for PCI DSS 3.0 Compliance assessment

Step 2 – Run the PCI DSS 3.0 compliance templates to get an assessment of your virtual environment – That’s it!

Windows based PCI DSS 3.0 compliance rule groups and templates

Virtual Environment based PCI DSS 3.0 compliance rule groups and templates

Step 3 – Track your PCI DSS 3.0 compliance posture using these great dashboards:

PCI DSS 3.0 Dashboard

You can also break down the compliance results by data type and vCenter Server to see where most of your infractions are coming from:

From there, you can see the individual rules behind the content that is surfaced in the dashboards. Also, you can easily group the template results to suit your requirements:

Start nailing down the most critical ones first and then the rest. You can just drag and drop the template results and group them by severity to make it easy for your VI admin to fix the infractions. Isn’t that cool?

Keep in mind that VCM manages not only virtual environments but physical ones as well. It is the market leader in Configuration Audit, Change Detection, Patch Management and COMPLIANCE content. With new additions such as the Scripted Remediation Framework, a high level of OS patch automation with auto deploy functionality, easy install and setup, SCAP based compliance and a new look and feel, it is better than ever before!

Look out for the PCI DSS 3.0 compliance rule groups and templates for *NIX and Windows environments – Coming Soon!

Come, join the journey to Start Green Stay Green!

Thanks and regards,
Pravin Goyal
RHCE | HP-UX CSA | VCP | MBA | CISSP | GISP | CCSK | CloudU | CompTIA CE | ITIL-F | ITSM-F

About Pravin Goyal

Pravin Goyal is an information security and regulatory compliance expert in CMBU. He delivers and also leads various security projects such as security and compliance policies for PCI DSS 3.1, HIPAA, IRS, DISA, CIS, vSphere hardening guides and NSX hardening guides. He loves to keep abreast of the latest developments in the field and find compelling ideas to bring some additional business and profitability to VMware. Additionally, he believes in collaborating across BUs and companies to deliver customer-facing solutions. Of late, he has authored the CIS Docker 1.6 and CIS Docker 1.11.0 Security Configuration Benchmarks and the NSX-v 6.1 hardening guide, and is a co-author of the vSphere hardening guide. He is leading the STIG compliance project from CMBU. https://www.linkedin.com/in/pravin-goyal-b7299b33