Amazon has achieved the Payment Card Industry (PCI) Data Security Standard (DDS) 2.0. Validated Service Provider Status. This means that EC2 is now compatible with the best practices and security controls needed to keep credit card data safe and secure during transit, processing and storage. In order to receive the certification an organization needs to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong security measures, test and monitor networks on a regular basis and it must maintain an information security policy. The certification covers, the Amazon Elastic Compute Cloud (EC2), the Simple Storage Service (S3) and the Virtual Private Cloud (VPC) globally.
Validation took place by an independent Quality Security Assessor (QSA), which granted EC2 the Level 1 service provider status.
With this validation Amazon can now provide its certified platform to merchants and service providers which need to maintain their own certification.
PCI version 2.0. which was published in October this year provides guidance on how to deal with virtualization, but it doesn’t provide guidance on multi-tenancy yet, still the QSA who assessed the platforms found the security and architecture compliant with the standard.