PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1224 Deleted

What does "one function per server" mean?

The intent of the one primary function per server requirement (Requirement 2 of the PCI DSS) is to ensure that your organization’s system configuration standards and related processes address server functions that need to have different security levels, or that may introduce security weaknesses to other functions on the same server. For example, a database, which needs to have strong security measures in place, would be at risk sharing a server with a web application, which needs to be open and directly face the internet.

Note: The specific sub requirement number(s) and terminology may vary depending on the version of the standard being used.

View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.