Forum Discussion
Community ManagerAdding offerings and UK Region: Azure rolls deep with PCI DSS v3.2
Go here to download Azure’s Payment Card Industry Data Security Standard (PCI DSS) v3.2 Attestation of Compliance (AoC)! When it comes to enabling customers who want or need to operate in a cloud environment AND also need to adhere to the global standards designed to prevent credit card fraud, they need look no further than Azure.
When it comes to security and compliance, we are always ready to act. The DSS v3.2 contains several requirements that don’t take effect until January 2018, and while it is possible to get a v3.2 certification without meeting these future requirements, Azure has already adopted them and is currently compliant with all new requirements.
Read about it on the Azure blog.
This is good to see Microsoft is keen on security. But there are some basic questions,
i.e. DocumentDB is listed in COA while it doesn't support TDE (Data at Rest), it would require and can not be deployed behind network segmentation (i.e. VNet). These are basic requirements for PCI-DSS.
It would be important to understand as a Solution Designer, how the responsibilities are shared? However, it is a very good initiative and good to know that you are enhancing your portfolio.
