If I'm using an AWS EC2 server, will AWS give me a certificate for PCI DSS compliance? I'm a bit confused regarding this; please help me out. Thanks
1 Answer
AWS is a PCI-compliant Level 1 Service Provider. Thus, companies can use AWS, but in the context of a shared responsibility model. This means that AWS customers share the responsibility for PCI compliance. Since AWS is a PCI-compliant service provider, organizations using AWS do not need to assess AWS infrastructure. An assessor can validate the compliance of the AWS infrastructure simply by reviewing AWS’s Attestation of Compliance (AOC) and Responsibility Matrix documents.
https://www.threatstack.com/blog/what-is-aws-pci-compliance
Hence, for AWS compliance, you have to provide an auditor with the PCI compliance reports available in AWS Artifact.
But remember that compliance is a shared responsibility. So, you have to ensure that the applications you are running on EC2 are also PCI compliant.

- Means if I use AWS Amplify and it comes under PCI compliance, then do I get a PCI DSS certificate from AWS, or do I have to use an assessor to get the PCI DSS certificate? Please let me know. – Anshuman Jaiswal Aug 17 '21 at 11:19
- You will find AWS compliance reports for PCI under AWS Artifact. These reports are generic and not targeted to a specific user or application. AWS is a service provider. – SmartCoder Aug 18 '21 at 11:07