PCI DSS in a VMware / Windows environment
jibbajabba
Has anyone hardened their environment in order to obtain PCI-DSS?
Are there any idiot-proof guides out there on how to (manually) harden VMware and Windows systems?
I have been googling all day now, and the more I try to read up on it, the more pops up.
VMware provides a tool to check it (it can't be installed in our environment right now), Configuration Manager from VMware is currently not an option, and Microsoft's documentation is a nightmare...
Any pointers would be appreciated.
Comments
meadIT
Have you taken a look at the whitepapers on this page? Compliance Center Resources
I'm assuming the VMware tool that you can't install is the PCI compliance checker?
https://my.vmware.com/web/vmware/evalcenter?p=compliance-chk
Other than that, it's going to be a pretty manual process of going through the vSphere Hardening Guide.
Edit: Here's another whitepaper I came across.
Edit 2: The link would help, wouldn't it?
http://www.vmware.com/files/pdf/Coalfire-PCI-DSS-Compliance-and-VMware-WP.pdf
bdub
We are PCI compliant. Pretty sure most of our hardening guides are based off of the DISA STIGs. Not sure about any idiot-proof guides or a "PCI for dummies" kind of thing, which seems to be what you're looking for.
Good luck! PCI sure is a blast!
higherho
I've automated / manually hardened Windows systems, Red Hat Enterprise, IIS, DNS, DCs, switches, etc. A lot of the checks are from the DISA STIGs. I have yet to go through the VMware / ESXi STIG (I will most likely go through that this week, and I will let you know how it goes).
Most of the stuff is pretty basic and doesn't break the system unless you don't read the STIGs accordingly and understand your environment a little bit.
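As an added illustration of the "automated checks based on the STIGs" approach described in the post above (this is example code written for this page, not higherho's script, and not a DISA tool): a small PowerShell audit that compares a handful of well-known Windows hardening registry values against an expected baseline and writes a PASS/FAIL report. The five settings, their expected values and the rationale text are illustrative choices made for this example; they are not STIG rule IDs, and the authoritative values for your baseline come from the STIG or your PCI assessor. It assumes an elevated PowerShell session on the host being audited.

```powershell
# Added example, not higherho's script: a minimal STIG-style hardening audit for Windows.
# The checks are illustrative, constructed for this example from widely used Windows
# hardening settings; they are NOT specific DISA STIG rule IDs and do not replace the STIG.
# Run in an elevated PowerShell session:  .\Invoke-HardeningAudit.ps1 -ReportPath C:\temp\audit.csv

[CmdletBinding()]
param(
    [string]$ReportPath = (Join-Path $env:TEMP 'hardening-audit.csv')
)

# Each check: a registry value, the expected hardened value, and why it matters.
# Expected values are illustrative; confirm them against your STIG / PCI baseline.
$Checks = @(
    @{ Name = 'NTLMv2 only (LmCompatibilityLevel)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'LmCompatibilityLevel'; Expected = 5
       Rationale = 'Rejects weak LM/NTLMv1 authentication responses' },
    @{ Name = 'Restrict anonymous enumeration (RestrictAnonymous)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'RestrictAnonymous'; Expected = 1
       Rationale = 'Prevents unauthenticated enumeration of shares and accounts' },
    @{ Name = 'User Account Control enabled (EnableLUA)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA'; Expected = 1
       Rationale = 'Keeps administrator sessions on a filtered token by default' },
    @{ Name = 'SMB client signing required'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Value = 'RequireSecuritySignature'; Expected = 1
       Rationale = 'Protects SMB sessions against tampering in transit' },
    @{ Name = 'SMBv1 server disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'SMB1'; Expected = 0
       Rationale = 'Removes the legacy protocol that lacks modern signing and encryption' }
)

function Test-HardeningCheck {
    param([hashtable]$Check)

    # A missing key or value is reported as a finding, not treated as compliant:
    # for most of these settings an absent value means the insecure default applies.
    try {
        $actual = (Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction Stop).($Check.Value)
    } catch {
        $actual = $null
    }

    [pscustomobject]@{
        Check     = $Check.Name
        Path      = "$($Check.Path)\$($Check.Value)"
        Expected  = $Check.Expected
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Status    = if ($actual -eq $Check.Expected) { 'PASS' } else { 'FAIL' }
        Rationale = $Check.Rationale
    }
}

$results = foreach ($c in $Checks) { Test-HardeningCheck -Check $c }

# Console summary plus a CSV that can go into the compliance evidence folder.
$results | Format-Table Check, Expected, Actual, Status -AutoSize
$results | Export-Csv -Path $ReportPath -NoTypeInformation
$failed = @($results | Where-Object Status -eq 'FAIL').Count
Write-Host "$failed of $($Checks.Count) checks failed. Report written to $ReportPath"

# A nonzero exit code lets a scheduled task or CI job flag drift from the baseline.
exit $failed
```

The design point worth keeping from this, whatever checks you load into the table, is that an absent value is a FAIL rather than a skip, and that the script only reads and reports: remediation stays with Group Policy or your configuration management tool, so the audit can be re-run safely on production hosts to produce evidence for the assessor.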
jibbajabba
Thanks guys. The whole process seems overwhelming at first, but yeah, it seems to be pretty basic. It seems that the hardest bit will be the policies, and their enforcement...
I suppose PCI DSS has the same standard across the globe? Wondering how relevant the DISA STIGs are for us in Europe...