PCI DSS v3.2.1 - AWS Audit Manager

PCI DSS v3.2.1

AWS Audit Manager provides a prebuilt framework that supports PCI DSS v3.2.1 to assist you with audit preparation.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard. It's mandated by the card brands and administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. PCI DSS applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD). This includes, but isn't limited to, merchants, processors, acquirers, issuers, and service providers.

AWS is certified as a PCI DSS Level 1 Service Provider, the highest level of assessment available. The compliance assessment was conducted by Coalfire Systems Inc., an independent Qualified Security Assessor (QSA). The PCI DSS Attestation of Compliance (AOC) and Responsibility Summary are available to you through AWS Artifact, which is a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.

You can download the PCI DSS standard from the PCI Security Standards Council Document Library.

Use AWS Audit Manager to support your PCI DSS audit preparation

AWS Audit Manager provides a prebuilt framework that structures and automates assessments to support the PCI DSS compliance standard, based on AWS best practices. This framework includes a prebuilt collection of controls with descriptions and testing procedures, which are grouped according to PCI DSS requirements. The framework contains 152 automated controls and 510 manual controls. You can also customize this framework and its controls to support internal audits with unique requirements.

You can use the PCI DSS v3.2.1 framework in AWS Audit Manager to prepare for PCI DSS audits. The controls in this framework aren't intended to verify whether your systems are compliant with the PCI DSS standard. Moreover, they can't guarantee that you will pass a PCI DSS assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find the PCI DSS v3.2.1 framework under the Standard frameworks tab of the Framework library in Audit Manager.

For information about how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.