Home > Blogs > VMware Security & Compliance Blog > Tag Archives: vCM

Tag Archives: vCM

CP&C Releases vCM PCI 2.0 Content, Combine this with vShield & WOW!

The VMware Center for Policy and Compliance is pleased to announce our latest content update for PCI 2.0 in vCenter Configuration Manager ™ (VCM).

PCI 2.0 is right around the corner 2k12 and many of you should be preparing for these audits yesterday!

Are any of you starting to prep for PCI 2.0? Please share your concerns, we want to help! Get CP&C in touch with your QSA.

Here is a sample of what has changed, for more information check out the PCI DSS v2 Summary of Changes doc.

Scope of Assessment for Compliance with PCI DSS Requirements

  • Added “virtualization components” to the definition of “system components.”  

Network Segmentation

  • Added clarifications including that segmentation may be achieved through physical or logical means 

What’s new in this package? Platform support for:

  • Windows 7,
  • Windows Vista
  • Windows XP
  • Windows 2003,
  • Windows 2008
  • vSphere/ESX
  • UNIX & LINUX 

How does this help you address your compliance needs?

This is at the core of what VMware offers as part of our Trusted Cloud Solution. At VMworld, we announced our PCI self healing Virtual environment around CDE and auto segmentation of VM’s based upon data, defining relationships to those VM’s and continually applying policy & remediation to the entire environment. The Combination of vCM, vShield & VIN make for a Compliance Solution that is unmatched in the market and works for other use cases like HIPAA. (See Diagram Below)

Self.Healing 
 

How do you get it the new content?
Customers wishing to harden their PCI 2.0 environment can download the new content via the VCM Content Wizard

Be on the lookout for a free PCI 2.0 checker to be released by CP&C later this year!

Also, feel free to hit us up at:

Adios,
George Gerchow VMware Director, Center for Policy & Compliance

vSphere 4.1 Security Hardening Guidelines for vCenter Configuration Manager (VCM) Released

The VMware Center for Policy and Compliance is excited to announce our content release of the vSphere 4.1 Security Hardening Guidelines for vCenter Configuration Manager (VCM).
 
CP&C is a group of folks with alphabet soup behind their names that build content, thought leadership and evangelize our Security & Compliance  strategy all over the planet.
 
Why should you care about this latest release? That’s easy, the content supports ESX 4.1, ESXi 4.1 and vCenter 4.1. That means we can automate the continuous collection of data, compare it to our standards and within minutes provide prescriptive guidance on best practices and  reduce the LONG painful audit cycle.
 
Together VCM and Host Profiles become an important  part of creating a trusted virtual environment.  With VCM and the new CP&C content you can harden your ESX/i hosts based on vSphere standards and use Host Profiles to push these secure settings across your virtual infrastructure.  There is no longer a need to painstakingly pour-over the best practices or reference technical documentation in order to configure the Host Profile reference host(s) to meet these standards.
 
By the way, these standards have been recommended to the PCI Security Council as benchmark for 2.0 content around virtualization. (Stay Tuned!)
 
Yours Truly, George Gerchow – VMware Director of CP&C.
 
vSphere 4.1 Security Hardening Guidelines Compliance Dashboard snapshots:

Ss.1


Ss.2


Ss.3


Ss.4