AWS PCI Compliance for Ecommerce Website

Ensuring Payment Card Industry (PCI) Compliance for Your AWS Services

Question

Your department is in charge of developing an Ecommerce website where customers can browse and purchase products online.

The application is developed in the AWS platform.

A wide range of AWS services is used, including EC2, Lambda, CloudFormation, etc.

Recently, internal security auditors asked you to provide a document to state that the related AWS services meet the Payment Card Industry (PCI) compliance.

How should you provide the document?

Answers

A. Download the IAM Credential Report and provide it to the auditors.
B. Submit a request to AWS Support for the PCI compliance document.
C. Download the PCI compliance document from AWS Config Resource Inventory and provide it to the auditors.
D. Download the Payment Card Industry (PCI) compliance document from AWS Artifact and provide it to the auditors.

Explanations

Answer: D.

Option A is incorrect because the IAM Credential Report only contains information about IAM users and their credentials; it is not evidence of PCI compliance.

Option B is incorrect because you do not need to contact AWS Support for this task: the reports can be downloaded directly from the AWS Management Console using the AWS Artifact service.

Option C is incorrect because the AWS Config resource inventory records the configuration of resources in your account; it cannot provide documents or reports demonstrating PCI compliance.

Option D is CORRECT because AWS Artifact provides the PCI compliance report and supporting details for the AWS services used in your account, which helps validate the implementation and operating effectiveness of AWS security controls.

For more information on AWS Artifact, refer to the URL below:

https://aws.amazon.com/artifact/

[Screenshot: CloudWatch "Create Alarm" dialog for an EC2 instance. It sends a notification to an SNS topic (MyTopic), takes an EC2 action (recover, stop, terminate or reboot the instance), triggers whenever "Status Check Failed (System)" is Failing for at least 2 consecutive periods, and names the alarm awsec2-i-myinstance-High-Status-Check-Failed-S.]

The correct answer is D. Download Payment Card Industry (PCI) compliance document from AWS Artifact and provide it to auditors.

Explanation:

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards created to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

When building an eCommerce website that accepts payments, it is important to ensure that it complies with PCI DSS requirements. AWS provides a range of services that can be used to build PCI DSS-compliant systems, including EC2, Lambda, CloudFormation, etc.

AWS Artifact is a service that provides on-demand access to AWS compliance reports and other documentation. It allows users to download various compliance reports, including PCI DSS, which details the specific AWS services that are compliant with PCI DSS requirements.

To provide the document requested by the internal security auditors, you need to follow the steps below:

  1. Log in to the AWS Management Console.
  2. Navigate to AWS Artifact.
  3. Click on "Compliance Reports" and then click on "PCI DSS" to download the document.
  4. Provide the downloaded document to the internal security auditors.
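The same procedure can be driven through the AWS Artifact API instead of the console, which is useful when audit evidence is collected on a schedule. The script below is an added example and is not code from the original page. It assumes the boto3 `artifact` client exposes `list_reports`, `get_term_for_report` and `get_report` with the parameter names used here (taken from the AWS Artifact API reference; verify against current AWS documentation), and the report entries in `SAMPLE_REPORTS` are constructed sample data with made-up ids, not real AWS Artifact reports.

```python
"""Collect AWS's PCI DSS compliance report from AWS Artifact with boto3.

Added example, not code from the original page. Assumes the boto3 'artifact'
client offers list_reports, get_term_for_report and get_report with the
parameter names used below; check them against the current AWS API reference.
"""
import re
import urllib.request
from pathlib import Path

# Constructed sample shaped like the 'reports' entries returned by ListReports
# (made-up ids, not real reports); lets the selection logic run without AWS access.
SAMPLE_REPORTS = [
    {"id": "report-pci-2023", "name": "PCI DSS Attestation of Compliance",
     "series": "PCI DSS", "version": 1, "periodEnd": "2023-06-30", "state": "PUBLISHED"},
    {"id": "report-pci-2024", "name": "PCI DSS Attestation of Compliance",
     "series": "PCI DSS", "version": 2, "periodEnd": "2024-06-30", "state": "PUBLISHED"},
    {"id": "report-soc2-2024", "name": "SOC 2 Type II Report",
     "series": "SOC", "version": 3, "periodEnd": "2024-12-31", "state": "PUBLISHED"},
    {"id": "report-pci-draft", "name": "PCI DSS Attestation of Compliance",
     "series": "PCI DSS", "version": 9, "periodEnd": "2025-06-30", "state": "UNPUBLISHED"},
]


def list_all_reports(client):
    """Page through ListReports via nextToken and return every report entry."""
    reports, token = [], None
    while True:
        kwargs = {"nextToken": token} if token else {}
        page = client.list_reports(**kwargs)
        reports.extend(page.get("reports", []))
        token = page.get("nextToken")
        if not token:
            return reports


def select_pci_report(reports, pattern=r"PCI\s*DSS"):
    """Return the newest published report whose name or series matches PCI DSS, or None."""
    pat = re.compile(pattern, re.IGNORECASE)
    candidates = [
        r for r in reports
        if r.get("state") != "UNPUBLISHED"
        and (pat.search(r.get("name", "")) or pat.search(r.get("series", "")))
    ]
    if not candidates:
        return None
    # Newest coverage period wins; version breaks ties. str() also handles datetime values.
    return max(candidates, key=lambda r: (str(r.get("periodEnd", "")), r.get("version", 0)))


def _fetch(url):
    """Download the bytes behind a presigned URL."""
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def download_report(client, report, dest, fetch=_fetch):
    """Accept the report's terms (GetTermForReport), then fetch the PDF (GetReport).

    `fetch` is injectable so the flow can be exercised offline with a stub.
    Returns the number of bytes written to `dest`.
    """
    term = client.get_term_for_report(reportId=report["id"], reportVersion=report["version"])
    doc = client.get_report(reportId=report["id"], reportVersion=report["version"],
                            termToken=term["termToken"])
    data = fetch(doc["documentPresignedUrl"])
    Path(dest).write_bytes(data)
    return len(data)


if __name__ == "__main__":
    import boto3  # imported here so the selection logic runs without boto3 installed
    client = boto3.client("artifact", region_name="us-east-1")
    report = select_pci_report(list_all_reports(client))
    if report is None:
        raise SystemExit("no published PCI DSS report found in AWS Artifact")
    size = download_report(client, report, "pci-dss-report.pdf")
    print(f"saved {report['name']} v{report['version']} ({size} bytes)")
```

The caller needs IAM permissions for the Artifact report actions, and the terms must be accepted (the `termToken` round trip) before the document URL is issued. The report attests AWS's controls for the services in scope; your own handling of cardholder data in the account is still assessed separately under the shared responsibility model.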

Option A, downloading the IAM Credential Report, is not relevant to the request made by the auditors.

Option B, submitting a request to AWS support, is not necessary as the document is readily available on AWS Artifact.

Option C, downloading the PCI compliance document from AWS Config Resource Inventory, is also not relevant to the request made by the auditors, as this is a different service that does not provide the PCI DSS compliance document.