AWS Security Blog

2013 PCI Compliance Package Available Now

We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document will help not only those who need to effectively manage a PCI cardholder environment on AWS, but can help any customer better understand their responsibility of operating controls so you can effectively develop and operate a highly secure environment on AWS and even prepare your organization for various audits. The PCI data security standard is a globally-accepted security standard that customers use to support a wide range of sensitive workloads, including, of course, processing and storing sensitive payment card data.

What are customers saying about becoming PCI compliant with AWS?

“The underlying AWS infrastructure was PCI compliant out of the box and our QSA was happy with the AWS PCI Package and Responsibility Matrix.  This freed us to think about our system and software architecture as opposed to capital expenditure costs normally involved in finding a suitable hosting facility, equipment, sundries not to mention building, assessing and running the infrastructure.”

– Andrew Dunn, Chief Technology Officer at Cognia.

How to get AWS PCI reports

To request the Summer 2013 PCI Compliance Package, please contact AWS Sales and Business Development. Learn more about AWS PCI Compliance Reports by visiting the PCI DSS Level 1 Compliance FAQs page.

You can also visit the AWS Compliance website to learn more about AWS compliance in general.

Additional Resources

Chad Woolf
Director, AWS Risk and Compliance