The Payment Card Industry (PCI) Data Security Standard (DSS) requires that if you accept, transmit or store credit cardholder data you must meet the requirements contained within the standard. The problem is that many people don’t know what that means. If you deal with credit cards and are required to meet the PCI DSS, my advice is to find a way to limit the scope of your compliance as much as possible. Rackspace recently concluded a two-year effort to receive our PCI Service Provider Report on Compliance (ROC) as a Compliant Level 1 Service Provider from Visa USA.
Rackspace pursued this compliance so that we can provide a PCI Compliant Hosting Infrastructure for its customers. Infrastructure, in this case, includes:
Physical Security at the following U.S Data Centers:
Access to Rackspace Network Devices (Firewalls, Routers, etc)
Rackspace Policies and Procedures
Some of the things that our customers need to do can be made easier because of this certification by:
Saving time & money during a PCI Assessment Process
Eliminating the need for onsite PCI audits by a Qualified Security Assessor (QSA)
Using a Compliant Hosting Infrastructure
Other things that you need to accomplish in order to become PCI compliant include:
Quarterly Scanning (through Trustwave)
Anti Virus (Windows)
Every time you take advantage of a Rackspace resource to address one of these items, you help reduce the scope of work that you need to accomplish in order to become compliant. While Rackspace offers products to meet the requirements associated with each of the above areas, you must ensure that your configuration meets the PCI Data Security Standard (DSS) v1.1 as it relates to your environment.