PCI DSS v4.0 on AWS Compliance Guide now available

Our mission at AWS Safety Assurance Providers is to ease Fee Card Trade Information Safety Commonplace (PCI DSS) compliance for Amazon Internet Providers (AWS) clients. We work carefully with AWS clients to reply their questions on understanding compliance on the AWS Cloud, discovering and implementing options, and optimizing their controls and assessments. Essentially the most frequent and foundational questions have been compiled to create the Fee Card Trade Information Safety Commonplace (PCI DSS) v4.0 on AWS Compliance Information. The information is an summary of ideas and rules to assist clients construct PCI DSS–compliant purposes and cling to the up to date model 4.0 necessities. Every part is totally referenced to supply AWS documentation, to assist PCI DSS reporting necessities. The information contains AWS finest practices and applied sciences and updates which are relevant to the brand new PCI DSS v4.0 necessities.

The information helps clients who’re growing cost purposes, compliance groups which are making ready to handle assessments of cloud purposes, inner evaluation groups, and PCI Certified Safety Assessors (QSA) supporting clients who use AWS.

What’s within the information?

The target of the information is to offer clients with the knowledge they should plan for and doc the PCI DSS compliance of their AWS workloads.

The information contains:

The Shared Duty Mannequin and its impression on PCI DSS necessities
What the AWS PCI DSS Degree 1 Service Supplier standing means for purchasers
Scoping your cardholder knowledge atmosphere
Required diagrams for assessments
Requirement-by-requirement steerage

The information is most helpful for people who find themselves growing options on AWS, however it additionally will assist QSAs, inner safety assessors (ISAs), and inner audit groups higher perceive the evaluation of cloud purposes. It offers examples of the diagrams required for assessments and contains hyperlinks to AWS supply documentation to assist evaluation proof necessities.

Compliance at cloud scale

Extra clients than ever are working PCI DSS–compliant workloads on AWS, with hundreds of compliant purposes. New safety and governance instruments out there from AWS and the AWS Accomplice Community (APN) allow constructing business-as-usual compliance and automatic safety duties so you may shift your focus to scaling and innovating your small business.

When you’ve got questions or wish to be taught extra, contact your account consultant, or go away a remark beneath.

Need extra AWS Safety how-to content material, information, and have bulletins? Observe us on Twitter.

Ted Tanner

Ted is a Principal Assurance Marketing consultant and PCI DSS QSA with AWS Safety Assurance Providers, and has greater than 25 years of IT, safety, and compliance expertise. He leverages this to offer AWS clients with steerage on compliance and safety within the cloud, and how you can construct and optimize their cloud compliance packages. He’s co-author of the Fee Card Trade Information Safety Commonplace (PCI DSS) v3.2.1 on AWS Compliance Information and this v4.0 version, and the Architecting for PCI DSS Segmentation and Scoping on AWS whitepaper.

Sana Rahman

Sana is a Senior Assurance Marketing consultant with AWS Safety Assurance Providers, and has been a PCI DSS Certified Safety Assessor (QSA) for 8 years. She has in depth data and expertise in data safety and governance, and deep compliance data in each cloud and hybrid environments. She makes use of all of this to take away compliance roadblocks for AWS clients and supply steerage of their cloud journey.

Rughved Gadgil

Rughved is a Senior Options Architect with WWCS Enterprise Canada group and excels at utilizing his technical experience to take away technical hurdles for purchasers on their cloud adoption journey. He holds 5 totally different AWS certifications, and beforehand labored as a DevOps Specialist for a serious airline. He has a eager curiosity in safety and compliance, and is constantly increasing his data and skillsets throughout the evolving cloud safety panorama.