Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 on AWS

Publication date: October 14, 2020

Abstract

The objective of this guide is to provide customers with sufficient information to be able to plan for and document the Payment Card Industry Data Security Standard (PCI DSS) compliance of their AWS workloads. This includes the selection of controls that meet specific PCI DSS 3.2.1 requirements, planning of evidence gathering to meet assessment testing procedures, and explaining their control implementation to their PCI Qualified Security Assessor (QSA).

AWS Security Assurance Services, LLC (AWS SAS) is a wholly owned subsidiary of Amazon Web Services. AWS SAS is an independent PCI QSA company (QSAC) that provides AWS customers and partners with specific and prescriptive information on PCI DSS compliance. As a PCI QSAC, AWS SAS can interact with the PCI Security Standards Council (SSC) or other PCI QSACs under the confidentiality and contractual framework of PCI.

Introduction

The purpose of the PCI DSS is to protect cardholder data (CHD) and sensitive authentication data (SAD) from unauthorized access and loss. Cardholder data consists of the Primary Account Number (PAN), cardholder name, expiration date, and service code. Sensitive authentication data (SAD) includes the full track data (magnetic-stripe data or equivalent on a chip), CAV2/CVC2/CVV2/CID, and PINs/PIN blocks.
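Of the CHD elements listed above, the PAN is the one PCI DSS requires to be rendered unreadable wherever it is stored and masked when displayed (at most the first six and last four digits visible). As an added example that is not part of this AWS guide, the following Python check scans constructed log lines for Luhn-valid PAN candidates and masks them, the kind of control a team would run to confirm PAN is not leaking into application logs; the regex, the sample lines and the function names are this example's own assumptions.

```python
import re
from typing import Tuple

# Candidate PAN: either 13-19 contiguous digits, or the common 4-4-4-4 grouping with
# a space or dash separator (assumed patterns). Runs longer than 19 digits are never
# matched as a single PAN, and a 13-19 digit run embedded in a longer run is ignored.
PAN_CANDIDATE = re.compile(
    r"(?<!\d)(?:\d{4}[ -]\d{4}[ -]\d{4}[ -]\d{4}|\d{13,19})(?!\d)"
)

def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Keep first six and last four, the maximum PCI DSS 3.2.1 Req. 3.3 allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def redact_line(line: str) -> Tuple[str, int]:
    """Mask every Luhn-valid PAN candidate in one log line; return (new_line, count)."""
    count = 0
    def _sub(match: "re.Match") -> str:
        nonlocal count
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # e.g. an order or tracking number that merely looks like a PAN
        count += 1
        return mask_pan(digits)
    return PAN_CANDIDATE.sub(_sub, line), count

# Constructed sample lines; the card numbers are well-known public test numbers.
SAMPLE_LOG = [
    'INFO checkout pan=4111111111111111 exp=12/24 name="A. Customer"',
    "INFO refund card=5555 5555 5555 4444 amount=19.99",
    "INFO shipment tracking=1234567890123456 carrier=XYZ",
]

if __name__ == "__main__":
    for raw_line in SAMPLE_LOG:
        clean, n = redact_line(raw_line)
        print(f"[{n} PAN masked] {clean}")
```

The third sample line is left untouched because its 16-digit value fails the Luhn check, which is what keeps the scan from flagging every long number as cardholder data.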