IBM Cloud PCI DSS Guidance provides the framework for how clients can deploy PCI DSS-compliant systems and applications on IBM public cloud.
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the global adoption of consistent security measures. PCI DSS provides a baseline of technical and operational requirements designed to protect account information (including card number, expiration date, and verification data).
The IBM Cloud PCI DSS guide includes a high-level overview of PCI DSS requirements, a responsibility matrix summary, and example architectures to help clients deploy and operate a payment processing system to properly handle credit card data in a secure, compliant environment on IBM Cloud.
This guide is intended for IBM Cloud clients who require their IBM Cloud environment and related applications to be PCI DSS-compliant. Readers should be familiar with the latest PCI DSS requirements and have some background on IBM Cloud Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) architecture.
IBM Cloud clients must independently analyze their particular environments and use cases to verify that their own control environment meets the requirements set forth by the PCI Security Standards Council (SSC); they cannot rely solely on this guide. No information in this guide can, or is intended to, supplant any guidance provided to the client by a Qualified Security Assessor (QSA), the PCI SSC, or the entity’s acquirer.