AWS Security Blog

2013 PCI Compliance Package Available Now

We’re happy to announce the availability of the 2013 PCI Compliance Package. Along with the AWS PCI Attestation of Compliance, this package includes our independent assessor’s revised and expanded PCI Customer Responsibility Matrix, which describes the customer and AWS shared responsibility for each of the 200+ PCI Data Security Standard controls. This document helps not only those who need to effectively manage a PCI cardholder environment on AWS; it can also help any customer better understand their responsibility for operating controls, so that they can effectively develop and operate a highly secure environment on AWS and even prepare their organization for various audits. The PCI Data Security Standard is a globally accepted security standard that customers use to support a wide range of sensitive workloads, including, of course, processing and storing sensitive payment card data.

What are customers saying about becoming PCI compliant with AWS?

“The underlying AWS infrastructure was PCI compliant out of the box and our QSA was happy with the AWS PCI Package and Responsibility Matrix. This freed us to think about our system and software architecture as opposed to capital expenditure costs normally involved in finding a suitable hosting facility, equipment, sundries, not to mention building, assessing and running the infrastructure.”

– Andrew Dunn, Chief Technology Officer at Cognia.

How to get AWS PCI reports

To request the Summer 2013 PCI Compliance Package, please contact AWS Sales and Business Development. Learn more about AWS PCI Compliance Reports by visiting the PCI DSS Level 1 Compliance FAQs page.

You can also visit the AWS Compliance website to learn more about AWS compliance in general.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah.