Stack sports pci

12/31/2023

Within the 12 PCI DSS requirements, the physical security related requirements are only applicable to Alibaba Cloud, the cardholder data environment and information security policy related requirements are mainly applicable to the customers only, and the remaining requirements are the joint efforts between Alibaba Cloud and our customers. By complying with PCI DSS, Alibaba Cloud is able to provide a highly secure cloud service platform with products and security services to help the customer meet the security requirements under PCI DSS.

Following the shared security responsibility model, Alibaba Cloud and its customers are jointly responsible for the security of customers' applications built on Alibaba Cloud. The assessment environment for Alibaba Cloud is the underlying physical and virtualised infrastructure that supports the Alibaba Cloud services, which includes physical servers, host operating systems, networking, virtualisation and the control environment over management and operations of the Alibaba Cloud platform and services.

Understand the responsibilities of fulfilling PCI DSS requirements

Alibaba Cloud's compliance with PCI DSS does not mean that our customer also meets the requirements in PCI DSS. For detailed scope information, please refer to the AOC report.

How to comply with PCI DSS on Alibaba Cloud

The Attestation of Compliance (AOC) report is available for downloading. The scope of the PCI DSS assessment includes cloud products, security services and CDN services that are available in 12 global regions (including Hong Kong).

PCI DSS comprises 12 requirements covering 6 categories: build and maintain a secure network and systems, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. The applicable entities use these requirements to assess whether they have maintained a secure environment for the protection of their affiliated payment card account data.

Alibaba Cloud engaged a PCI SSC Approved Qualified Security Assessor (QSA) to conduct an annual onsite assessment, i.e., PCI DSS v3.2.1 level 1 certified.

Finally, the merchants have to complete the Attestation of Compliance and submit all requested documentation to the acquiring banks for validation. For certain types of business, for instance, SAQ A-EP, SAQ B-IP, SAQ C, SAQ D-Merchant and SAQ D-Service Provider, quarterly vulnerability scanning is required to be conducted by a PCI SSC Approved Scanning Vendor (ASV). The merchants need to further determine which type of questionnaire is applicable and complete the questionnaire in accordance with the instructions and guidelines. The Council has established Self-Assessment Questionnaire mechanisms for small-to-medium size merchants to validate PCI DSS compliance. Therefore, the merchants need to figure out the merchant level by confirming with the acquiring bank. The merchant level identification principle is determined by the payment card brand. Merchants can be categorized into 4 levels, from level 1 to level 4, based on the volume of transactions per annum with the payment card brand.

The PCI Data Security Standards are applicable to all entities that store, process or transmit payment card information. The PCI DSS is administered and managed by the Council; however, the enforcement of compliance with the PCI DSS is carried out by the payment brands.

The PCI Data Security Standards define operational and technical requirements for entities that store, process or transmit payment card information, including merchants, processors, acquirers, issuers and service providers. The Council was founded by five major payment brands (American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.). The PCI Security Standards Council is a global forum with the aim of establishing security standards for account data protection.