Frequently Asked Questions

What does one function per server mean?

FAQ Response

The intent of the "one primary function per server" requirement (Requirement 2.2.1 of the PCI DSS) is to ensure that your organization’s system configuration standards and related processes address server functions that need to have different security levels, or that may introduce security weaknesses to other functions on the same server. For example, a database, which needs to have strong security measures in place, would be at risk if it shared a server with a web application, which needs to be open and directly face the internet.

July 2009
Article Number 1224