Caute_cautim
Community Champion

PCI DSS and secure wiping of virtualised environment i.e. VMware

Hi All

PCI DSS states within V3.2.1 section 9.8 that a secure wipe is required to eliminate any residual credit card holder data. This appears to be out of date given the majority of organisations are running virtualised environments, and potentially with the cloud, albeit a Private one.

Organisation in this case is moving the current Credit Holders Environment (CHE) to another provider, but of course one has to securely eradicate the current environment and keep audit records for a year after the event.

Recommendations from experience on techniques to meet Section 9.8 requirements?

Regards

Caute_Cautim

5 Replies
Steve-Wilme
Advocate II

Essentially crypto shredding would probably fit this bill and be accepted by your QSA as meeting the intent of the requirement. We've largely avoided the issue however, by not storing PANs via on premise tokenisation in some channels and end to end encryption in others.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
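The crypto shredding idea above, worked through as an added illustration (this is not code from the thread, from VMware, or from any QSA guidance): cardholder data is encrypted under one environment key, the key is zeroised, and from that point the ciphertext cannot be recovered. The class, the HMAC-SHA256 counter-mode keystream and the PAN-like record are all constructed for the script so it runs with the standard library only; a real deployment would use vSphere VM encryption or the array's data-at-rest encryption (AES) with the key held in a KMS, and the "destroy the key" step would be performed and logged there.

```python
"""Crypto-shredding illustration: data encrypted under a key that is then
destroyed. Constructed example, not code from the thread or from VMware.
The keystream (HMAC-SHA256 in counter mode) is used only so the script has
no third-party dependency; production use means AES via vSphere VM
encryption or the storage array, with the key held in a KMS."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


class KeyDestroyedError(Exception):
    """Raised when decryption is attempted after the key has been shredded."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a pseudorandom keystream of `length` bytes from key and nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class DataEncryptionKey:
    """Holds one environment key (the 'key held by the VMware Administrator'
    in the thread). shred() zeroises it in place; every later use fails."""

    def __init__(self) -> None:
        self._key = bytearray(secrets.token_bytes(32))
        self.destroyed = False

    def _live_key(self) -> bytes:
        if self.destroyed:
            raise KeyDestroyedError("key has been shredded; data is unrecoverable")
        return bytes(self._key)

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        stream = _keystream(self._live_key(), nonce, len(plaintext))
        return nonce + _xor(plaintext, stream)

    def decrypt(self, blob: bytes) -> bytes:
        nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
        stream = _keystream(self._live_key(), nonce, len(body))
        return _xor(body, stream)

    def shred(self) -> None:
        """Overwrite the key material and mark it destroyed (the crypto-shred)."""
        for i in range(len(self._key)):
            self._key[i] = 0
        self.destroyed = True


def crypto_shred_demo() -> dict:
    """Encrypt a constructed PAN-like record, prove it round-trips, shred the
    key, then show the ciphertext is no longer recoverable."""
    # Constructed test value (a well-known test PAN), not real cardholder data.
    record = b"PAN=4111111111111111;EXP=12/27"
    dek = DataEncryptionKey()
    blob = dek.encrypt(record)
    before = dek.decrypt(blob) == record
    dek.shred()
    try:
        dek.decrypt(blob)
        after = "recovered"
    except KeyDestroyedError:
        after = "unrecoverable"
    return {
        "ciphertext_hides_plaintext": record not in blob,
        "recoverable_before_shred": before,
        "after_shred": after,
        "key_bytes_zero": all(b == 0 for b in dek._key),
    }


if __name__ == "__main__":
    print(crypto_shred_demo())
```

The evidence a QSA will want is the record that the key was destroyed, when, by whom, and that no copy (backup, escrow, KMS replica) survives; the shred itself is the easy part, the key inventory is where this usually falls down.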
Caute_cautim
Community Champion

@Steve-Wilme Thanks for the response. If only as usual.

However, working with the Storage guys, we have come up with a loose set of steps:

1) Identify all server workloads and names and identify the LUNs (Logical Unit Numbers)

2) Delete snapshots

3) Delete VMDKs

4) Apply Secure Wipe to each of the LUNs

5) As we have a fully audited storage regime, the tapes will be destroyed in time, by professional services and verified. In the meantime, they are fully secured from beginning to end.

6) Audit records have to be kept for a minimum of 12 months after the above.

Alternatives: Specialist software for securely wiping Virtual Machines. Costly.

Or upgrade current set up and encrypt all Virtual Machines - encryption key held by VMware Administrator.

Destroy the key to ensure no key recovery or recovery of data. Costly in this case.

Any other suggestions?

Regards

Caute_Cautim
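Steps 1 to 4 and 6 of the list above, carried through as an added example that is not part of the post: the script keeps an inventory, removes the snapshot and VMDK objects, overwrites the LUN, samples blocks afterwards to confirm nothing non-zero remains, and writes a timestamped, hashed audit record per step with a retention date 12 months out. Everything here is constructed: plain files stand in for LUNs, VMDKs and snapshots, the VM name and "LUN-PLACEHOLDER-01" are placeholders, and a real run would drive PowerCLI for the vSphere objects and the array's own secure-erase for the LUN. The verification sampler is the part worth keeping: a wipe you cannot show evidence for is the hard conversation with the QSA.

```python
"""Wipe-and-evidence illustration for the thread's decommissioning steps.
Constructed example: files stand in for LUNs, VMDKs and snapshots; real work
uses vSphere tooling and the storage array's secure-erase."""
import hashlib
import json
import os
import random
import tempfile
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 365   # audit records kept for at least 12 months after the wipe
BLOCK = 4096           # sampling granularity for post-wipe verification


def make_fake_lun(path: str, size: int) -> None:
    """Fill a file with random bytes to stand in for a LUN holding residual data."""
    with open(path, "wb") as f:
        f.write(os.urandom(size))


def overwrite_with_zeros(path: str) -> int:
    """Single zero pass over the whole device image; returns bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            chunk = min(remaining, 1 << 20)
            f.write(b"\x00" * chunk)
            remaining -= chunk
        f.flush()
        os.fsync(f.fileno())
    return size


def verify_wiped(path: str, samples: int = 32, seed: int = 0) -> dict:
    """Read the first, last and `samples` random blocks; count any non-zero block."""
    size = os.path.getsize(path)
    nblocks = max(1, (size + BLOCK - 1) // BLOCK)
    rng = random.Random(seed)  # seeded so the sampled offsets are reproducible for the record
    chosen = {0, nblocks - 1} | {rng.randrange(nblocks) for _ in range(samples)}
    bad = 0
    with open(path, "rb") as f:
        for b in sorted(chosen):
            f.seek(b * BLOCK)
            if any(f.read(BLOCK)):
                bad += 1
    return {"sampled_blocks": len(chosen), "nonzero_blocks": bad, "passed": bad == 0}


def audit_record(step: str, target: str, detail: dict) -> dict:
    """One retention-dated, self-hashed audit entry (step 6 of the thread)."""
    now = datetime.now(timezone.utc)
    rec = {"step": step, "target": target, "detail": detail, "at": now.isoformat(),
           "retain_until": (now + timedelta(days=RETENTION_DAYS)).isoformat()}
    rec["digest"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
    return rec


def decommission(inventory: list, workdir: str) -> list:
    """Run steps 1-4 per VM and return the audit trail."""
    trail = []
    for vm in inventory:
        trail.append(audit_record("1-inventory", vm["name"],
                                  {"lun": vm["lun"], "vmdks": vm["vmdks"], "snapshots": vm["snapshots"]}))
        for snap in vm["snapshots"]:
            os.remove(os.path.join(workdir, snap))
            trail.append(audit_record("2-delete-snapshot", vm["name"], {"file": snap}))
        for disk in vm["vmdks"]:
            os.remove(os.path.join(workdir, disk))
            trail.append(audit_record("3-delete-vmdk", vm["name"], {"file": disk}))
        lun_path = os.path.join(workdir, vm["lun"])
        written = overwrite_with_zeros(lun_path)
        result = verify_wiped(lun_path)
        trail.append(audit_record("4-secure-wipe", vm["lun"], {"bytes_overwritten": written, **result}))
    return trail


def demo() -> dict:
    """Build a constructed single-VM environment, check it is dirty, then decommission it."""
    workdir = tempfile.mkdtemp()
    inventory = [{"name": "che-app01", "lun": "LUN-PLACEHOLDER-01",       # placeholders
                  "vmdks": ["che-app01.vmdk"], "snapshots": ["che-app01-snap1.vmdk"]}]
    for vm in inventory:
        for name in vm["vmdks"] + vm["snapshots"]:
            open(os.path.join(workdir, name), "wb").close()
        make_fake_lun(os.path.join(workdir, vm["lun"]), 256 * 1024)
    prewipe = verify_wiped(os.path.join(workdir, inventory[0]["lun"]))
    return {"prewipe": prewipe, "trail": decommission(inventory, workdir)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Step 5 (tape destruction by a third party) is deliberately absent: that evidence is a certificate of destruction from the provider, which you attach to the trail rather than generate yourself.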

Huntington
Newcomer II

My guidance would be...

Follow your steps, and document your reasoning for why you think each step is required and sufficient for destroying. DSS doesn't give us many methods, just requirements. Defending your interpretation of the requirements is easier if you remember why you did it.

DSS compliance is more about making sound decisions and documentation of those decisions, from my experience.


Caute_cautim
Community Champion

I like your thinking and wisdom, very good indeed.

Thanks

Caute_Cautim
Huntington
Newcomer II

Of course, any time