April 2018 – Updated PCI Cloud Computing Guideline

14. June 2018

On April 17, 2018, the Payment Card Industry Security Standards Council (PCI SSC) published its updated Cloud Computing Guideline.
With the increasing use of cloud service providers, there is a need to better understand the business processes and technical problems that may impact payment data and associated processing. The new Cloud Computing Guideline is designed to contribute to a better understanding of the risks involved in safeguarding credit card data in the cloud and of how to minimise them.
With version 3.0, recommendations on incident response and forensic investigations have been enhanced and new vulnerability management guidelines have been added. In addition, the updated guideline offers additional technical security considerations on topics such as logging, identity and access management, and intrusion detection systems (IDS)/intrusion prevention systems (IPS) for use within the cloud. The chapters on “Roles and Responsibilities” and “Scoping Cloud Environments” have also been updated.
Furthermore, the guideline addresses the challenges of achieving PCI DSS compliance while using the cloud. These challenges include cloud customers' lack of insight into the underlying infrastructure of their provider and the security controls associated with it, and the difficulty of meeting the corresponding PCI DSS logging requirements.
(Source: https://www.pcisecuritystandards.org/pdfs/Cloud_SIG_Release.pdf)

About the PCI Expert Tips:
With our PCI Expert Tips we would like to keep you informed about changes to the PCI Security Standards and provide you with initial explanations of what the changes entail and how they may affect you. Please always treat our articles as a general reference – they do not replace individual case-by-case evaluations.
Should you have any further questions or require assistance with your scope definition, don’t hesitate to contact us.
Our specialists are happy to help!
Phone: +49 6102 8631-190
E-mail: sales@usd.de
