AWS Security Blog
Spring 2019 PCI DSS report now available, 12 services added in scope
At AWS Security, continuously raising the cloud security bar for our customers is central to all that we do. Part of that work is focused on our formal compliance certifications, which enable our customers to use the AWS cloud for highly sensitive and/or regulated workloads. We see our customers constantly developing creative and innovative solutions—and in order for them to continue to do so, we need to increase the availability of services within our certifications. I’m pleased to tell you that in the past year, we’ve increased our Payment Card Industry – Data Security Standard (PCI DSS) certification scope by 79%, from 62 services to 111 services, including 12 newly added services in our latest PCI report (listed below), and we were audited by our third-party auditor, Coalfire.
The PCI DSS report and certification cover the 111 services currently in scope that are used by our customers to architect a secure Cardholder Data Environment (CDE) to protect important workloads. The full list of PCI DSS certified AWS services is available on our Services in Scope by Compliance program page. The 12 newly added services for our Spring 2019 report are:
- Amazon AppStream 2.0
- Amazon CloudWatch
- Amazon CloudWatch Events (includes Amazon EventBridge)
- Amazon Managed Streaming for Apache Kafka (Amazon MSK)
- AWS Amplify Console
- AWS Control Tower
- AWS CodeDeploy
- AWS CodePipeline
- AWS Elemental MediaConvert
- AWS Elemental MediaLive
- AWS Organizations
- AWS SDK Metrics for Enterprise Support
Our compliance reports, including this latest PCI report, are available on-demand through AWS Artifact.
To learn more about our PCI program and other compliance and security programs, please visit the AWS Compliance Programs page.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.