Twenty-six services within the Amazon Web Services cloud offering have been certified as conforming to a stringent credit-card security standard known as PCI DSS 3.2, Amazon said in a post today.
The latest version of the Payment Card Industry Data Security Standard builds on guidelines created by several credit-card companies, including Visa, Mastercard and American Express. Those companies require that the standard be met by any entity that stores, processes or transmits cardholder or authentication data.
The new version of the standard, which all those entities must have implemented by Feb. 1, 2018, replaces version 3.1. It is intended to clarify that organizations must keep critical data-security controls in place throughout the year and that those controls must be tested as part of an ongoing process.
AWS’s PCI DSS compliance package is meant to be used by AWS customers and their compliance advisors to understand the scope of the PCI DSS assessment and the expectations for responsibilities when using AWS products as part of the customer’s cardholder-data environment, Amazon said. The newly certified services include the EC2 Container Service, AWS Config, and AWS WAF (web application firewall).
“Our customers (and customers of our customers) can operate confidently as they store and process credit card information (and any other sensitive data) in the cloud knowing that AWS products and services are tested against the latest and most mature set of PCI compliance requirements,” Amazon said in the post.
