Managing Access Control
Limiting access to the host via the Zerto APIs or PowerShell cmdlets from remote systems on the Internet is not specifically prohibited by a PCI requirement. However, if an organization must have remote access, it must implement the PCI DSS 8.2 requirements and ensure that its processes enforce strong forms of authentication, such as signed digital certificates from a certificate authority, combined with strong two-factor authentication and monitoring.
Both Zerto APIs and PowerShell cmdlets are run by the ZVM and therefore have the same level of protection as the ZVM. Access to the ZVM itself requires access to the Windows machine running this service. This access relies on the authentication, authorization, and security mechanisms provided by Microsoft.