Flow diagram of payment card data, or personal data, in the cloud

The recent PCI DSS Information supplement “PCI DSS Cloud Computing Guidelines” emphasizes the same message as earlier guidelines like

They all emphasize that in order to protect data, one have to know where and when the data is used or stored.

Some highlights from the PCI DSS document:

  • Figure 3: How PCI DSS responsibilities may be shared between clients and CSPs.
  • Chp 4: Segmentation and Scoping
  • Appendices with samples:
    • Appendix A: Sample PCI DSS Responsibilities for Different Service Models
    • Appendix B: Sample Inventory
    • Appendix C: Sample PCI DSS Responsibility Matrix
    • Appendix D: PCI DSS Implementation Considerations

Related Links

Other Links

This entry was posted in Cloud Security, Privacy, Security Management, Security Standardization and Practises, Security Training, Awareness and Reports. Bookmark the permalink.

Comments are closed.