Architecting for PCI DSS Segmentation and Scoping on AWS

Architecting for PCI DSS Segmentation and Scoping on AWS

  • June 8, 2019
Table of Contents

Architecting for PCI DSS Segmentation and Scoping on AWS

AWS has published a whitepaper, Architecting for PCI DSS Scoping and Segmentation on AWS, to provide guidance on how to properly define the scope of your Payment Card Industry (PCI) Data Security Standard (DSS) workloads running on the AWS Cloud. The whitepaper looks at how to define segmentation boundaries between your in-scope and out-of-scope resources using cloud native AWS services. The whitepaper is intended for engineers and solution builders, but it also serves as a guide for Qualified Security Assessors (QSAs) and internal security assessors (ISAs) to better understand the different segmentation controls available within AWS products and services, along with associated scoping considerations.

Compared to on-premises environments, software defined networking on AWS transforms the scoping process for applications by providing additional segmentation controls beyond network segmentation. Thoughtful design of your applications and selection of security-impacting services for implementing your required controls can reduce the number of systems and services in your cardholder data environment (CDE).

Source: amazon.com

Tags :
Share :
comments powered by Disqus

Related Posts

A Detailed Overview of AWS API Gateway

A Detailed Overview of AWS API Gateway

Look inside the black box of AWS API Gateway to understand authorization, method requests and responses, integration requests and responses, VTL templates, and more. AWS API Gateway is an awesome service to use as an HTTP frontend. You can use it for building serverless applications, for integrating with legacy applications, or for proxying HTTP requests directly to other AWS services.

Read More
Disaster Tolerance Patterns Using AWS Serverless Services

Disaster Tolerance Patterns Using AWS Serverless Services

In my previous post (Disaster Recovery for Cloud Solutions is Obsolete) I asserted that you should design your cloud architectures for Disaster Tolerance from the start (even if it is counter intuitive to do so by lean principles). I also argued that you should do this because it’s easy if you do it now, and it will help your business even if there is never a disaster.

Read More
Packets-per-second limits in EC2

Packets-per-second limits in EC2

While evaluating the performance of a server application, we eventually (and hopefully) run up against the most fundamental constraining factor: the network. Cloud providers tend to offer somewhat handwavy guidance on networking constraints, especially when compared to the exhaustive literature explaining the quotas for RAM, CPU, and I/O. While working on an unrelated stress test in EC2, we were surprised by some results that led us down the path of investigating EC2 network capacity claims, resulting in this writeup. EC2 documentation describes network performance in terms of maximum available bandwidth.

Read More