Taming the PCI Compliance Monster

The Payment Card Industry (PCI) Data Security Standard (DSS)
requires that if you accept, transmit or store cardholder data
you must meet every requirement contained within the standard. The
problem is that many people don't know what that means in practice. If
you handle credit cards and are required to meet the PCI DSS, my advice
is to find a way to limit the scope of your compliance as much as
possible: every system that never touches cardholder data is one you do
not have to assess. Rackspace recently concluded a two-year effort to
receive our PCI Service Provider Report on Compliance (ROC) as a
Compliant Level 1 Service Provider from Visa USA.

Rackspace pursued this compliance so that we can provide a PCI
Compliant Hosting Infrastructure for our customers. Infrastructure, in
this case, includes:

Physical Security at the following U.S Data Centers:

– Dallas

– Herndon

Access to Rackspace Network Devices (Firewalls, Routers, etc.)

Rackspace Policies and Procedures

Because the hosting infrastructure is already certified, some of the work our customers face becomes easier, by:

Saving time & money during a PCI Assessment Process

Eliminating the need for onsite PCI audits of the hosting infrastructure by a Qualified Security Assessor (QSA)

Using a Compliant Hosting Infrastructure

Other things that you still need to accomplish yourself in order to become PCI compliant include:

File Integrity

Logging

IDS

Firewall

Quarterly Scanning (through Trustwave)

Server Hardening

Anti-Virus (Windows)

Patching
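As an added example (not Rackspace code and not part of the original post) of what the "File Integrity" item means in practice: a minimal file integrity monitor that records a SHA-256 digest, size and permission bits for every regular file under a tree, stores that baseline as JSON, and later reports files that were added, removed or modified. The directory layout and file contents in `demo()` are constructed sample data; the function and file names are assumptions for this illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Walk root and record digest, size and mode bits for every regular file.

    Symlinks are skipped so an attacker cannot point a link at an unmonitored
    file and have its contents counted as 'unchanged'.
    """
    root = Path(root)
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def save_baseline(baseline, path):
    """Persist the baseline; in production keep this copy off the monitored host."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Diff two baselines into added / removed / modified relative paths."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(f for f in old & new if baseline[f] != current[f]),
    }


def demo():
    """Constructed scenario: baseline a fake tree, tamper with it, report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "monitored"
        (root / "etc").mkdir(parents=True)
        (root / "bin").mkdir()
        (root / "etc" / "httpd.conf").write_text("Listen 443\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed sample binary")

        # Baseline is written outside the monitored tree, then reloaded,
        # the way a scheduled check would read it.
        store = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), store)
        baseline = load_baseline(store)

        # Simulated tampering: config edited, binary replaced by a new tool.
        (root / "etc" / "httpd.conf").write_text("Listen 443\nLogLevel off\n")
        (root / "bin" / "ls").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF constructed unexpected binary")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run from cron against the directories that hold system binaries, configuration and the application's payment code, and alert on any non-empty diff that does not match an approved change. The baseline file must live somewhere the monitored host cannot rewrite (or be signed), otherwise an intruder simply re-baselines after tampering. Mature tools such as Tripwire, AIDE or OSSEC do the same job with more coverage, and a QSA will generally expect one of them rather than a homegrown script.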

Every time you take advantage of a Rackspace resource to address one
of these items, you reduce the scope of work that you need to
accomplish in order to become compliant. While Rackspace offers
products to meet the requirements associated with each of the above
areas, you must still ensure that your own configuration meets the PCI
Data Security Standard (DSS) v1.1 as it applies to your environment.