Windows Azure Compliance Updates: PCI DSS and ISO
PCI DSS Compliance
We are pleased to announce that Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA). The QSA has issued an Attestation of Compliance, having audited Windows Azure against the PCI DSS 2.0 security standards for Level 1. To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.
Visit the Trust Center for a list of other compliance and certifications.
What is the PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard designed to prevent credit card fraud through increased controls around credit card data. PCI certification is required for all organizations (merchants and payment service providers) that process credit card transactions.
Is Windows Azure PCI “certified”?
As a cloud provider, Windows Azure does not directly manage cardholder environments and is therefore not eligible for PCI certification. However, Windows Azure has been validated by a Qualified Security Assessor (QSA) as providing a secure environment that merchants can use to achieve their own PCI certification.
What Windows Azure services are in scope?
The Information Security Management System (ISMS) for Windows Azure, including infrastructure, development, operations and support for Compute, Data Services, App Services and Network Services, is in scope for the PCI DSS Attestation of Compliance. This includes everything listed under Services on http://www.windowsazure.com/. The Windows Azure datacenters in the following regions are in scope: Asia Pacific East (Hong Kong), Asia Pacific Southeast (Singapore), Europe North (Ireland), Europe West (Netherlands), US North Central (Illinois), US South Central (Texas), US East (Virginia), and US West (California).
This posting is provided “AS IS” with no warranties, and confers no rights.