Educause Security Discussion mailing list archives
PCI DSS - VDI (vmware) SAQ-C-VT question
From: Oscar Knight <knightod () APPSTATE EDU>
Date: Fri, 3 May 2013 14:49:07 -0400
Hello Everyone, I have several PCI DSS questions. They all revolve around processing transactions with a web browser where the web service is external, ie we only touch the card data with the web browser ... I believe this to be SAQ-C-VT. Please comment on any or all of the following: 1) We are considering using a separate VMware VDI which users connect to via dedicated PCoIP devices. Connecting via general desktop would not be allowed. Comments? 2) With respect to the VDI solution, IF we allowed users to use their general use desktop, is there a way to configure their desktop such that it would NOT be part of the CDE? For the record the desktops would be Windows 7 machines. 3) What's your solution for this case? I know, I know, if we would just listen to our users and allow 'square' all would be OK :) Thanks in advance! odk -- NOTE: ASU ITS will NEVER ask you for your password in an email! Oscar D. Knight knightod at appstate dot edu ITS Voice: 828-262-6946 Appalachian State University, Boone, NC 28608 FAX: 828-262-2236
Current thread:
- PCI DSS - VDI (vmware) SAQ-C-VT question Oscar Knight (May 03)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Mike Osterman (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Everett, Alex D (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question John Ladwig (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Rich Graves (May 07)
- Re: PCI DSS - VDI (vmware) SAQ-C-VT question Jessica Odom (May 07)