Hi All
PCI DSS v3.2.1, section 9.8, states that a secure wipe is required to eliminate any residual credit card holder data. This appears to be out of date given that the majority of organisations are running virtualised environments, and potentially the cloud, albeit a private one.
The organisation in this case is moving the current Credit Holders Environment (CHE) to another provider, but of course one has to securely eradicate the current environment and keep audit records for a year after the event.
Recommendations from experience on techniques to meet Section 9.8 requirements?
Regards
Caute_Cautim
Essentially, crypto shredding would probably fit the bill and be accepted by your QSA as meeting the intent of the requirement. We've largely avoided the issue, however, by not storing PANs: via on-premise tokenisation in some channels and end-to-end encryption in others.
@Steve-Wilme Thanks for the response. If only, as usual.
However, working with the Storage guys, we have come up with a loose set of steps:
1) Identify all server workloads and names, and identify the LUNs (Logical Unit Numbers)
2) Delete snapshots
3) Delete VMDKs
4) Apply Secure Wipe to each of the LUNs
5) As we have a fully audited storage regime, the tapes will be destroyed in time by professional services and verified. In the meantime, they are fully secured from beginning to end.
6) Audit records have to be kept for a minimum of 12 months after the above.
Alternatives: Specialist software for securely wiping Virtual Machines. Costly.
Or upgrade current set up and encrypt all Virtual Machines - encryption key held by VMware Administrator.
Destroy the key to ensure no key recovery or recovery of data. Costly in this case.
Any other suggestions?
Regards
Caute_Cautim
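The "encrypt all Virtual Machines, then destroy the key" alternative in the post above is what Steve-Wilme earlier calls crypto shredding. As an added example, not code from this thread or from VMware, here is a small Go program using AES-256-GCM from the standard library: it encrypts a volume image under a per-volume data-encryption key held in a stand-in key store (hypothetical; a real CHE would use the KMS or HSM behind VM encryption), proves the data is readable while the key exists, zeroises and deletes the key, and then shows the same ciphertext can no longer be opened even though every copy of it still exists. The audit record it returns, with a digest of the ciphertext left behind on tape, is the kind of evidence kept for the 12 months after the event. The cardholder record is a constructed sample using the standard 4111... test PAN.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// KeyStore is a hypothetical stand-in for the key manager (KMS/HSM) that
// holds the per-volume data-encryption keys. Keys are never written out.
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// Generate creates a fresh 256-bit AES key for one volume (LUN/VMDK).
func (ks *KeyStore) Generate(keyID string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	ks.keys[keyID] = k
	return nil
}

// AuditRecord is the evidence retained after destruction.
type AuditRecord struct {
	KeyID            string
	Action           string
	At               time.Time
	CiphertextSHA256 string // digest of what remains (e.g. on tape), now undecryptable
}

// EncryptedVolume is a volume image sealed with AES-256-GCM under one key.
type EncryptedVolume struct {
	KeyID      string
	Nonce      []byte
	Ciphertext []byte
}

// Shred zeroises the key material in memory and removes it from the store.
// Every ciphertext sealed under keyID becomes permanently unrecoverable.
func (ks *KeyStore) Shred(keyID string, remaining *EncryptedVolume) (AuditRecord, error) {
	k, ok := ks.keys[keyID]
	if !ok {
		return AuditRecord{}, errors.New("unknown or already destroyed key: " + keyID)
	}
	for i := range k {
		k[i] = 0
	}
	delete(ks.keys, keyID)
	sum := sha256.Sum256(remaining.Ciphertext)
	return AuditRecord{KeyID: keyID, Action: "key-destroyed", At: time.Now().UTC(),
		CiphertextSHA256: hex.EncodeToString(sum[:])}, nil
}

func gcmFor(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptVolume seals plaintext under the named key; keyID is bound as AAD
// so a ciphertext cannot be quietly re-labelled to another key.
func EncryptVolume(ks *KeyStore, keyID string, plaintext []byte) (*EncryptedVolume, error) {
	k, ok := ks.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key: " + keyID)
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(keyID))
	return &EncryptedVolume{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptVolume fails once the key is gone, however many copies of the
// ciphertext still exist on disk, in snapshots or on tape.
func DecryptVolume(ks *KeyStore, v *EncryptedVolume) ([]byte, error) {
	k, ok := ks.keys[v.KeyID]
	if !ok {
		return nil, fmt.Errorf("key %s destroyed: volume is unrecoverable", v.KeyID)
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, v.Nonce, v.Ciphertext, []byte(v.KeyID))
}

func main() {
	ks := NewKeyStore()
	const vol = "che-lun-01" // hypothetical volume name
	_ = ks.Generate(vol)
	// Constructed sample cardholder record; 4111... is a standard test PAN.
	vmdk, _ := EncryptVolume(ks, vol, []byte("PAN=4111111111111111;EXP=12/29"))
	pt, _ := DecryptVolume(ks, vmdk)
	fmt.Printf("before shred: %q\n", pt)
	rec, _ := ks.Shred(vol, vmdk)
	_, err := DecryptVolume(ks, vmdk)
	fmt.Printf("after shred: %v\naudit: %+v\n", err, rec)
}
```

The reason this fits a virtualised CHE better than step 4's overwrite is that writing over a VMDK or LUN does not reliably reach every block on the array (thin-provisioned, deduplicated and snapshot blocks are not necessarily rewritten), whereas destroying the only key covers every copy at once, including the one still sitting on tape until the professional destruction happens. The caveat a QSA will probe is the word "only": the key must never have been backed up, escrowed or cached anywhere that is not also destroyed, and the key store's own log of the destruction is the audit record to keep.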
My guidance would be...
Follow your steps, and document your reasoning for why you think each step is required and sufficient for destruction. DSS doesn't give us many methods, just requirements. Defending your interpretation of the requirements is easier if you remember why you did it.
DSS compliance is more about making sound decisions and documentation of those decisions, from my experience.
@Caute_cautim wrote: @Steve-Wilme Thanks for the response. If only, as usual.
Of course, any time