This white paper provides a practical "how to" guide for customers who plan to deploy Pivotal Cloud Foundry (PCF) and need to comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). The advice in this document is valuable to all PCF deployers and operators, but was specifically developed with the PCI DSS Level 1 category in mind. Any customers who plan to deploy the PCF platform as a component of their PCI Cardholder Data Environment (CDE) should review and follow this guidance.
As with all compliance programs, achieving compliance of Pivotal Cloud Foundry with the PCI DSS standard is not just a technical question. Rather, it is a matter of people, process, and technology.
Download this white paper and learn how to interpret the PCI DSS requirements in the context of a Pivotal Cloud Foundry deployment, and how to work with your chosen QSA to prove compliance.
About the Author
John Field has more than 20 years of experience in software development, system architectures, and information security. Currently a PM for Platform Security on Pivotal Cloud Foundry, John works on all aspects of security and compliance for the PaaS cloud. Prior to this role, John worked for 7 years as a Senior Technologist in the EMC CTO Office, mentoring a number of product development teams. Prior to joining EMC, John was a member of the RSA Security CTO team. John came to RSA via the acquisition of his startup Transindigo, where he was the co-founder and CTO. John got his start in information security back in the 1990s at Bankers Trust Company, a top-10 Wall Street bank, where he was responsible for building and deploying the bank's first global user authentication and authorization infrastructure. An excellent communicator, he has been an invited speaker at many industry events including JavaOne, EMC World, RSA Conference, and the 2nd International Workshop on RESTful Design at the W3C. John is equally comfortable presenting to 200 people or to 2 people, and he especially enjoys presenting "lightning talks" at open source un-conference forums. He holds BSEE and MSCS degrees, both awarded cum laude from Hofstra University. John is also a registered CISSP.