Rapidly Delivering PCI Compliance Within AWS
This organisation is a worldwide travel retail platform and marketplace.
Version 1 supported the customer by delivering a Payment Card Industry (PCI) compliance within AWS in a short time frame.
This organisation had recently changed their MSP and had a Payment Card Industry Audit (PCI) within 3 months of commencing the project with Version 1. It was crucial that Version 1 not only carry out a review of the existing environment but also plan an approach to ensure that the AWS environment was in compliance with the relevant data security standards within a short time frame prior to the audit commencing. This would ensure smooth daily operations and business for the customer, without any roadblocks.
Solution Proposed by Version 1
In order to achieve PCI compliance prior to the audit, a number of AWS Cloud Native Services were enabled and used, with AWS Security Hub being the keystone. This was used to evaluate and produce a list of remediations based off the following security standards.
- CIS AWS Foundations Benchmark v1.2.0
- PCI DSS v3.2.1
The remediation tasks were then carried out on the resources in the AWS environment. Tripwire was then implemented to further secure the AWS environment. Crowd strike AV was then rolled out across the infrastructure.
The key benefit and the biggest outcome of this was that the organisation achieved the PSI DSS Audit Certification for 2021. Ensuring that they functioned against industry best practices and complied with PCI data security standards.
Version 1 used AWS Services to continuously monitor the AWS environment for compliance, giving the company a longer-term benefit.
Further, Tripwire was implemented to enforce secure configuration policies to future-proof the customer’s security.