AWS Security Blog

PCI Compliance in the AWS Cloud

PCI compliance in the cloud is an important topic for many of our customers. Our PCI FAQ page has received more than 45,000 views, and we have issued our PCI compliance package directly to customers in all major regions and industry verticals. To build on the growing demand for PCI enablers, today we’re happy to announce the release of a new PCI compliance resource for customers. We’ve partnered with Anitian, a Qualified Security Assessor Company (QSAC), on the development and publication of a Workbook for PCI Compliance in the AWS Cloud. This workbook provides guidance on AWS service methodologies for deploying PCI compliance capability within AWS.

The new PCI workbook provides three sample reference architectures outlining the most common PCI-compliant environments:

  1. Dedicated – An AWS PCI environment that is not connected to anything else.
  2. Segmented – A larger AWS environment that has both a Card Data Environment (CDE) and in-scope systems.
  3. Connected – An environment that has both AWS and on-premises items.

Additionally, the workbook contains general guidance and strategies for using AWS services to meet the twelve top-level PCI requirements, as well as links and tips for configuring the use of AWS in a PCI-compliant manner.

Please contact us with questions about complying with financial service regulations or meeting your compliance requirements in the cloud.

– Chad Woolf, Director, AWS Risk and Compliance