- Cloud overview. The supplement provides an explanation of common deployment and service models for cloud environments, including how implementations may vary within the different types.
- Cloud provider/cloud customer relationships. The supplement outlines different roles and responsibilities across different cloud models and provides guidance on determining and documenting the responsibilities.
- PCI DSS considerations. The supplement provides guidance and examples to help organizations determine responsibilities for individual PCI DSS requirements, including segmentation and scoping considerations.
- PCI DSS compliance challenges. The supplement describes some of the challenges associated with validating PCI DSS compliance in a cloud environment.
In addition, PCI SSC says the document includes a number of appendices that address specific PCI DSS requirements and implementation scenarios, including additional considerations to help determine PCI DSS responsibilities across different cloud service models; a sample system inventory for cloud computing environments; a sample matrix for documenting how PCI DSS responsibilities are assigned between the cloud provider and client; and a starting set of questions that can help determine how PCI DSS requirements can be met in a particular cloud environment.
Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com.