AWS recently released a new Quick Start Reference Deployment aimed at helping AWS clients and partners build systems that conform to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. The second Quick Start release in a set of AWS Enterprise Accelerator Compliance offerings, this standardized architecture provides both Managed Service Organizations and their clients with a template that adheres to strict security, compliance, and risk management controls while providing security-focused, standardized architecture solutions for organizations that process credit card data.
Adherence to PCI DSS requires that your cloud environment meets control objectives, protects cardholder data, and implements strong access controls, among additional requirements. Meeting these standards is crucial for keeping your company's financial information safe, while giving your clients assurance that they can trust you with their financial data. However, these requirements can be tricky to navigate, especially across different environments.
To help with this, the Standardized Architecture for PCI DSS on the AWS Cloud provides a template to deploy a standardized environment that is in line with PCI DSS compliance in AWS environments, and can be customized for your organization as needed. The template also sets up resources such as:
- IAM items (policies, groups, roles and instance profiles)
- S3 buckets (encrypted web content, logging and backup)
- Bastion host for troubleshooting and administration
- Encrypted RDS database instance running in multiple Availability Zones
- Logging/monitoring/alerting package that makes use of AWS CloudTrail, Amazon CloudWatch, and AWS Config Rules
Additionally, the Quick Start includes a Security Controls Reference, which maps relevant architecture decisions, features, and configurations to the security controls specified by PCI DSS. The architecture also supports multiple AWS best practices, including use of multiple Availability Zones, isolation using public and private subnets, load balancing, and auto scaling.
Quick Start Reference Deployment offerings like those listed above can help ease the legwork of creating the strong foundation necessary to ensure the environment abides by compliance guidelines from the beginning. Want to learn more about how Datapipe can help you with architecting a PCI DSS compliant environment on AWS? You can find more information on our website.