cloud

PCI DSS Cloud Computing Guidelines

A new guidance document from the PCI SSC provides useful information about the use of Cloud Service Providers (CSPs) and how this may affect PCI compliance.

Although cloud computing feels like a new thing, the issues about responsibility for cardholder data are certainly not new. Related issues, such as nebulous (pun intended) statements about PCI compliance from a CSP need to be qualified, and mutual responsibilities clearly established.

Actually, this new document echoes some guidance that we’ve been publishing for a while now. Have a look at PCI Compliance Claims: 3 Questions You Must Ask for example. More recently, we published a 10 minute video entitled Penetration Testing & The Cloud, which is an ideal management introduction to the subject, even if PCI DSS isn’t on your radar.

The SSC document is available here.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>