SecurityWeek

Cloud Security

Amazon Web Services Achieves Level-1 PCI Compliance

Amazon Web Services (AWS) today announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Organizations can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. The AWS cloud infrastructure has been validated at the highest level (Level 1) of PCI compliance, so organizations can use it to build their cardholder environment and achieve PCI certification for their applications.

PCI DSS is the payment card security standard that evaluates security management, policies, procedures, network architecture, software design and other critical protective measures. To achieve a Validated Level 1 Service Provider Status, AWS commissioned a third-party examination by a Qualified Security Assessor (QSA) to validate compliance with PCI DSS version 2.0. The Level 1 requirement applies to any provider who stores, processes or transmits more than 300,000 transactions annually.

PCI DSS Version 2.0 becomes effective on January 1, 2011, but validation against the previous version of the standard (1.2.1) will be allowed until December 31, 2011, giving organizations more time to understand and implement the updated standards and provide feedback throughout the process. After January 1, 2012, all assessments must be under version 2.0 of the standards.

“Security has always been and will continue to be our number one priority,” said Steve Schmidt, Chief Information Security Officer, Amazon Web Services. “By pursuing certifications and third party attestations like ISO 27001, SAS 70 Type II, FISMA, and now the PCI DSS service provider validation, we’re able to give customers continued assurance that the AWS cloud is a trustworthy and secure platform on which to build and deploy business-critical applications that demand rigorous security controls and regulatory compliance.”

Last month AWS announced it has achieved ISO 27001 certification for its AWS infrastructure, data centers and several services. ISO 27001 (ISO/IEC 27001) is a global security standard that sets out requirements for an Information Security Management System. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing sensitive company and customer information. AWS is now recognized as fully compliant with the global security standard for all AWS regions worldwide, and has also established a formal program to maintain the certification.

Just yesterday, AWS announced it would offer a cloud-based DNS service designed to give developers and businesses a reliable and cost-effective way to route end users to Internet applications.
