AWS Security Blog
2015 AWS PCI Compliance Package Now Available
We’re happy to announce the availability (upon request) of the 2015 AWS PCI Compliance Package, an assessment completed against the newly released PCI Data Security Standard (PCI DSS) Version 3.1. The PCI DSS is a globally accepted security standard that customers use to support a wide range of sensitive workloads, including the processing and storage of sensitive payment card data.
The PCI Compliance Package includes our AWS PCI Attestation of Compliance (AoC), which shows that AWS has been successfully validated against standards applicable to a Level 1 service provider under PCI DSS Version 3.1. It also contains our independent assessor’s revised and expanded AWS PCI Responsibility Summary, which describes customers’ and AWS’s shared responsibility for each of the 200+ PCI DSS controls. This document will help 1) those who need to effectively manage a PCI cardholder environment on AWS, and 2) any customer looking to better understand their responsibility of operating controls in order to effectively develop and operate a highly secure environment on AWS.
Amazon Web Services now features 23 in-scope services for PCI, including the latest additions of AWS CloudFormation, Amazon CloudFront, AWS Elastic Beanstalk, and AWS KMS. Additionally, AWS continues to be a Validated Service Provider with Visa and MasterCard, which means that both organizations have received our updated AoC and have accepted and recognized our compliance with the PCI DSS standard.
How do you request an AWS PCI Compliance Package?
To request a 2015 AWS PCI Compliance Package, please contact AWS Sales and Business Development. Learn more about AWS PCI Compliance Reports by visiting the PCI DSS Level 1 Compliance FAQs page.
You can also visit the AWS Compliance website to learn more about AWS compliance programs.
Additional resources
- PCI Compliance in the AWS Cloud
- PCI DSS Requirements for Data Encryption in Transit Using Amazon VPC
- PCI Compliance Workbook
- PCI Security Standards Council – Why Comply with PCI Security Standards?