(Cloud) Tip of the Day: Azure achieves PCI DSS compliance


Today’s (Cloud) Tip…Azure achieves PCI DSS compliance

As of January 16th, Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA).

The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. By providing PCI DSS validated infrastructure and platform services, Windows Azure delivers a compliant platform for you to run your own secure and compliant applications. You can now achieve PCI DSS certification for those applications using Windows Azure.

To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.

Visit the Trust Center for a full list of in-scope features or for more information on Windows Azure security and compliance.


Comments (2)

  1. Tim Holman says:

    The Windows Azure PCI Attestation of Compliance (AoC) does not list any services that customers can actually go out and buy. The AoC certifies the following services:

    Azure Core Services, Azure Platform Services, Azure Directory Services, Data Processing, Infrastructure, Operations.

    …but these services (at least by name, anyway), cannot be "bought".

    Tim Holman, QSA, 2-sec.

  2. Tim Holman says:

    I’ve put together the following blog article as to why a QSA such as myself, with several years’ PCI DSS auditing experience, has an issue with Azure:

    https://www.2-sec.com/2015/11/19/is-microsoft-azure-pci-dss-compliant-lessons-in-due-diligence/
