Make Sure Your PCI DSS Cloud Compliance Provider is Compliant Themselves
Today, we announced that Dome9 has achieved PCI DSS v3.2 Level 1 compliance. An independent third-party organization assessed our systems and processes and validated that Dome9 meets the requirements of PCI DSS compliance according to the PCI Security Standards Council. According to version 3.0 of PCI DSS, which went into effect in 2015, PCI compliance is a requirement not only for organizations that handle customer payment card data but also for vendors of these companies. Solution providers that help companies achieve PCI DSS compliance must demonstrate their compliance with these stringent security requirements as well.
An information supplement published by the PCI Security Standards Council in December 2016 extends the scope of PCI compliance to any system or component that provides security services to the cardholder data environment (CDE) or impacts the configuration or security of the CDE.
Dome9 simplifies the process of achieving and proving PCI DSS compliance in public cloud environments. Our security and compliance automation platform is trusted by enterprises in security-conscious industries such as financial services, healthcare, and retail, and we take this responsibility seriously. Dome9 customers now benefit from the validation that the Dome9 Arc SaaS platform exceeds the security controls necessary for protecting payment card account data. Dome9 is currently the only infrastructure security and compliance automation platform for the public cloud that has met this global security standard for payment card industry data security.
PCI DSS Standard
The Payment Card Industry Data Security Standard (PCI DSS) is the most rigorous, industry-recognized payment-card security standard available globally. PCI DSS is a regulatory requirement for merchants and service providers that store, process or transmit customer payment card data.
The standard covers 12 requirements around information security controls and processes that fall into the following areas:
— Build and maintain a secure network
— Protect cardholder data
— Maintain a vulnerability management program
— Implement strong access control measures
— Regularly monitor and test networks
— Maintain an information security policy
The scope of Dome9’s assessment covered our security and compliance automation platform, including all the infrastructure, applications and tools that we use to deliver the platform.
Hold Your Solution Providers Accountable
PCI DSS certification was a significant and necessary investment for us as a cloud solution provider to companies that are subject to PCI compliance. Companies that are themselves subject to PCI DSS requirements in their cloud environments should seriously consider a vendor's PCI DSS compliance status when selecting a provider of security and compliance automation. When the security of customers’ sensitive financial data is at stake, it is important to take a holistic view of security that includes cloud compliance automation solutions.
Talk to us about how we can help your organization achieve and maintain PCI DSS cloud compliance with our continuous compliance solution. You can test drive the Dome9 platform for free today. In a follow-up blog post, we will discuss exactly how Dome9 is helping organizations in their PCI DSS compliance journey.