IBM Cloud again expands compliance for Platform as a Service (PaaS) offerings with the Payment Card Industry Data Security Standard (PCI DSS).
IBM’s public cloud completes annual PCI DSS assessments using an approved Qualified Security Assessor (QSA), and the resulting Attestations of Compliance (AOCs) and Service Responsibility Matrix guides are available upon client request. Auditors review in-scope IBM Cloud services for compliance under PCI DSS version 3.2.1 at Service Provider Level 1.
Clients are responsible for the storing, processing, and transmission of their cardholder data and may create cardholder data environments (CDEs) that can store, transmit, or process cardholder data using IBM’s public cloud services. Clients can use the IBM Cloud AOCs and SRM guides when seeking their own PCI DSS certifications. It is the responsibility of the client to document and operate CDEs and applications built using IBM’s public cloud services in a PCI DSS-compliant manner.
Adding to the compliant IBM Cloud Infrastructure and PaaS services previously assessed under the PCI DSS are the following:
- IBM Cloud Databases for DataStax
- IBM Cloud Databases for Elasticsearch
- IBM Cloud Databases for EnterpriseDB
- IBM Cloud Databases for etcd
- IBM Cloud Databases for MongoDB
- IBM Cloud Databases for PostgreSQL
- IBM Cloud Databases for Redis
- IBM Cloud Messages for RabbitMQ
- IBM Cloudant on Transaction Engine
- IBM Event Streams for IBM Cloud Standard