[PCI DSS 3.0] 2.6 Shared hosting providers must protect each entity’s hosted environment and cardholder data.

2.6 Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers.

2.6 Perform testing procedures A.1.1 through A.1.4 detailed in Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers for PCI DSS assessments of shared hosting providers, to verify that shared hosting providers protect their entities’ (merchants and service providers) hosted environment and data.

This is intended for hosting providers that provide shared hosting environments for multiple clients on the same server. When all data is on the same server and under control of a single environment, often the settings on these shared servers are not manageable by individual clients. This allows clients to add insecure functions and scripts that impact the security of all other client environments; and thereby make it easy for a malicious individual to compromise one client’s data and thereby gain access to all other clients’ data. See Appendix A for details of requirements.