PCI-DSS and FreeBSD on EC2

**Crashus** · #1 01-26-2012, 10:37 AM

Hello,

Maybe some of you guys know if Amazon providing Report of Compliance to their clients? I need to know is it possible to host pci-dss application on their cloud. Also I need to sign a contract with them in order to use them as pci-dss certified DC. Anyone did this before?

Also, just qurious - have anyone (except me and few other folks) user FreeBSD at EC2? It is already production-ready, still been created from windows instance so billed as windows one as well unfortunately. I tried to ask both questions to Amazon directly but no answer unfortunately.

quantumphysics · #2 01-26-2012, 10:43 AM

https://aws.amazon.com/security/pci-...mpliance-faqs/

Possible and fairly painless.

**Crashus** · #3 01-26-2012, 10:47 AM

Except what I asked was Report of Compliance

Maybe someone now Amazon employee contact so I can directly mail him?

FastServ · #4 01-26-2012, 12:18 PM

Amazon submits their reports directly to PCI not to you. When you fill out your PCI compliance questionnaire you will list AWS as your host. Unless amazon is actually processing payments for you (in a manner like Paypal where you redirect your users to their system for payment) you're still on your own to become PCI compliant yourself. You cannot rely on your host's compliance if you are processing/storing payments on your own unmanaged server instance.

**Crashus** · #5 01-26-2012, 12:20 PM

Randy,

Whenever I'm applying for PCI compliance I must ensure my QSA that I have my datacenter pci compliant (as DC, not as merchant) as well. For this purpose I need contract with them, and complete report

quantumphysics · #6 01-26-2012, 01:44 PM

What QSA? When I had to deal with PCI on AWS it was basically "we use aws ec2/s3 they're validated" "okay." without further issues.

Amazon can give you a signed email or something (PGP?) if you need it, whine at their support or on the AWS forums.

**Crashus** · #7 01-26-2012, 02:32 PM

Quote:

Originally Posted by quantumphysics

What QSA? When I had to deal with PCI on AWS it was basically "we use aws ec2/s3 they're validated" "okay." without further issues.

Amazon can give you a signed email or something (PGP?) if you need it, whine at their support or on the AWS forums.

Have you received payment processor certificate?
Like this:
http://www.visaeurope.com/en/busines...providers.aspx

Akisoft · #8 01-26-2012, 03:46 PM

Not sure why you need a certificate from them, we listed them as an infrastructure provider and everything was fine.

**Crashus** · #9 01-26-2012, 03:47 PM

Can you guys PM me your certified processor sites and companies which were certifying you?
Thanks

PCI-DSS and FreeBSD on EC2

Sponsored Links

Advertise Here

Internet Services

Web Development

Digital Marketing

Consumer Tech