Cisco To Post Retail PCI Primer

Just days after the Payment Card Industry Security Standards Council (PCI SSC) published the PCI DSS (Data Security Standard) Virtualization Guidelines Information Supplement, Cisco announced it will put online the second generation of its retail PCI solutions that have been reviewed by a PCI Qualified Security Assessor. Due out at the end of the month, the validated Cisco PCI Solution for Retail 2.0 is intended to provide retailers with a simpler way to become compliant, or incorporate modular elements on an as-needed basis, says Lindsay Parker, global retail industry director.

"Historically, retail has led the way, so it's no surprise that we have a significant backlog of retailers interested in this." The document of solutions was published this week for review and will be released for general availability at the end of June. "From our standpoint, what's been successful in the past and will continue to be is that we provide this cookbook and we give it to customers free."

PCI 2.0 is about vigilance and making sure that defenses that have already been invested in allow firms to stay in compliance, says network analyst Nick Lippis.

"So the issue is to maintain compliance. From this perspective, it's easier to do this with a network solution that touches every POS and database. In addition, there are virtualized components that now must be considered system components that must be secured, for things like segmentation and restricted access to virtualize environments. They apply the same way they would in a non-virtualized environment."

Not only must organizations do their PCI homework, but they must be seen to be doing the homework. "PCI 2.0 compliance is a huge deal as Sony and other very high-profile exploits and thefts of customer personal data is on the rise."