My IBM Log in

IBM Cloud Renews and Expands PCI DSS Compliance for VPC Offerings

19 April 2023

2 min read

IBM Cloud VPC services have been renewed and expanded against the Payment Card Industry Data Security Standard (PCI DSS) standard (v3.2.1) for all global MZR data centers.

IBM Cloud completed the annual Payment Card Industry Data Security Standard PCI DSS assessment using an approved Qualified Security Assessor (QSA), and the resulting Attestation of Compliance (AOC) and Service Responsibility Matrix (SRM) guide is available upon client request.

Organizations looking to store, transmit or process cardholder data can use IBM Cloud services that have been assessed for PCI DSS compliance. A broad set of IBM Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings have also been assessed for PCI DSS, as detailed on IBM.com

Clients may leverage IBM Cloud services in a shared responsibility model to store, process and transmit cardholder data and use these services to create cardholder data environments (CDEs). Clients may request and use the IBM Cloud AOCs and SRM guides when seeking to develop these application environments and obtain their own PCI DSS certifications. It is the responsibility of the client to document and operate CDEs and applications built using IBM Cloud services in a PCI DSS-compliant manner.

     

    Assessed services

    The QSA reviewed the in-scope IBM Virtual Private Cloud (VPC) services for compliance under PCI DSS version 3.2.1 as a Level 1 Service Provider. Adding to the compliant IBM Cloud IaaS, PaaS and VPC services previously assessed under the PCI DSS are the following:

    • IBM Cloud Backup for VPC
    • IBM Cloud Bare Metal Servers for VPC (including SAP)
    • IBM Cloud Direct Link Connect (2.0)
    • IBM Direct Link Dedicated (2.0)
    • IBM Cloud DNS Services
    • IBM Cloud Secrets Manager
    • IBM Cloud Transit Gateway
    • IBM Cloud VPN for VPC – Client-to-Site server

    The previously assessed and renewed services include the following:

    • IBM Cloud Block Storage for Virtual Private Cloud
    • IBM Cloud Block Storage Snapshots for VPC
    • IBM Cloud Flow Logs for VPC
    • IBM Cloud Load Balancer for VPC
    • IBM Cloud Virtual Private Endpoint for VPC
    • IBM Cloud Virtual Private Cloud – Load Balancer for VPC: Application Load Balancer and Network Load Balancer
    • IBM Cloud Virtual Private Cloud – VPN for VPC – Site-to-Site gateway
    • IBM Cloud Virtual Server for VPC
    • IBM Cloud Virtual Server for VPC – Auto Scale for VPC
    • IBM Cloud Virtual Server for VPC – Dedicated Host for VPC

    Learn more

    Author

    Donald Kneitel

    Compliance Product Manager

    Tina Belani

    IBM Cloud Compliance Program Director
    Overview Annual report Corporate social responsibility Inclusion@IBM Financing Investor Newsroom Security, privacy & trust Senior leadership Careers with IBM Website Blog Publications Automotive Banking Consumer Goods Energy Government Healthcare Insurance Life Sciences Manufacturing Retail Telecommunications Travel Our strategic partners Find a partner Become a partner - Partner Plus Partner Plus log in IBM TechXChange Community LinkedIn X Instagram YouTube Subscription Center Participate in user experience research Podcasts United States — English Contact IBM Privacy Terms of use Accessibility