Amazon Web Services (AWS) today announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Organizations can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. The AWS cloud infrastructure has been validated at the highest level (Level 1) of PCI compliance, so organizations can use it to build their cardholder environment and achieve PCI certification for their applications.
PCI DSS is the payment card security standard that evaluates security management, policies, procedures, network architecture, software design and other critical protective measures. To achieve a Validated Level 1 Service Provider Status, AWS commissioned a third party examination by a Qualified Security Assessor (QSA) to validate compliance with PCI DSS version 2.0. The Level 1 requirement applies to any provider who stores, processes or transmits more than 300,000 transactions annually.
PCI DSS Version 2.0 becomes effective on January 1, 2011, but validation against the previous version of the standard (1.2.1) will be allowed until December 31, 2011, giving organizations more time to understand and implement the updated standards and provide feedback throughout the process. After January 1, 2012, all assessments must be under version 2.0 of the standards.
“Security has always been and will continue to be our number one priority,” said Steve Schmidt, Chief Information Security Officer, Amazon Web Services. “By pursuing certifications and third party attestations like ISO 27001, SAS 70 Type II, FISMA, and now the PCI DSS service provider validation, we’re able to give customers continued assurance that the AWS cloud is a trustworthy and secure platform on which to build and deploy business-critical applications that demand rigorous security controls and regulatory compliance.”
Last month AWS announced it has achieved ISO 27001 certification for its AWS infrastructure, data centers and several services. ISO 27001 (ISO/IEC 27001) is a global security standard that sets out requirements for an Information Security Management System. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing sensitive company and customer information. AWS is now recognized as fully compliant with the global security standard for all AWS regions worldwide, and has also established a formal program to maintain the certification.
Just yesterday, AWS announced it would offer a cloud-based DNS service designed to give developers and businesses a reliable and cost-effective way to route end users to Internet applications.