AWS Security Blog

2015 AWS PCI Compliance Package Now Available

We’re happy to announce the availability (upon request) of the 2015 AWS PCI Compliance Package, an assessment completed against the newly released PCI Data Security Standard (PCI DSS) Version 3.1. The PCI DSS is a globally accepted security standard that customers use to support a wide range of sensitive workloads, including the processing and storage of sensitive payment card data.

The PCI Compliance Package includes our AWS PCI Attestation of Compliance (AoC), which shows that AWS has been successfully validated against standards applicable to a Level 1 service provider under PCI DSS Version 3.1. It also contains our independent assessor’s revised and expanded AWS PCI Responsibility Summary, which describes customers’ and AWS’s shared responsibility for each of the 200+ PCI DSS controls. This document will help 1) those who need to effectively manage a PCI cardholder environment on AWS, and 2) any customer looking to better understand their responsibility of operating controls in order to effectively develop and operate a highly secure environment on AWS.

Amazon Web Services now features 23 in-scope services for PCI, including the latest additions of AWS CloudFormation, Amazon CloudFront, AWS Elastic Beanstalk, and AWS KMS. Additionally, AWS continues to be a Validated Service Provider with Visa and MasterCard, which means that both organizations have received our updated AoC and have accepted and recognized our compliance with the PCI DSS standard.

How do you request an AWS PCI Compliance Package?

To request a 2015 AWS PCI Compliance Package, please contact AWS Sales and Business Development. Learn more about AWS PCI Compliance Reports by visiting the PCI DSS Level 1 Compliance FAQs page.

You can also visit the AWS Compliance website to learn more about AWS compliance programs.

Additional resources



Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.