1. Assessment Phase

  • PCI DSS 3.2.1 Compliance Assessment Execution
20 Credits

PCI DSS 3.2.1 Compliance Report

Overview

This report is the output of a technical assessment of your AWS environment against PCI DSS 3.2.1 (Payment Card Industry Data Security Standard), which defines the technical and operational requirements for protecting stored and transmitted cardholder data and for handling payment information securely. Note that the PCI Security Standards Council retired version 3.2.1 on 31 March 2024 in favour of PCI DSS v4.0, so findings against 3.2.1 establish a baseline of control coverage rather than evidence of compliance with the standard currently in force.

This assessment evaluates your AWS environment against the following PCI DSS requirements:

Requirement 1: Install and maintain a firewall configuration

  • 1.2.1 – Restrict traffic to that which is necessary for the CDE
  • 1.3.1 – Implement a DMZ
  • 1.3.2 – Limit inbound internet traffic to the DMZ
  • 1.3.4 – Prevent unauthorized outbound traffic from the CDE
  • 1.3.6 – Segregate system components storing cardholder data

Requirement 2: Do not use vendor-supplied defaults

  • 2.1 – Change vendor-supplied defaults
  • 2.2 – Secure configuration standards
  • 2.2.2 – Enable only necessary services and protocols
  • 2.3 – Encrypt non-console administrative access
  • 2.4 – Maintain inventory of in-scope components

Requirement 3: Protect stored cardholder data

  • 3.4 – Render PAN unreadable
  • 3.6.4 – Rotate cryptographic keys at the end of cryptoperiod

Requirement 4: Encrypt transmission of cardholder data

  • 4.1 – Use strong cryptography over open/public networks

Requirement 6: Develop and maintain secure systems and applications

  • 6.2 – Install patches for known vulnerabilities

Requirement 7: Restrict access to cardholder data by business need

  • 7.2.1 – Enforce least privilege with deny-all-by-default access

Requirement 8: Identify and authenticate access to system components

  • 8.1.4 – Remove inactive accounts after 90 days
  • 8.2.1 – Encrypt credentials during transmission and storage
  • 8.2.3 – Password complexity
  • 8.2.4 – Change passwords every 90 days
  • 8.2.5 – Prevent reuse of last four passwords
  • 8.3.1 – MFA for non-console administrative access

Requirement 10: Track and monitor all access to network resources and cardholder data

  • 10.1 – Link audit trails to individual users
  • 10.2.1–10.2.7 – Log all access, actions, and events affecting the CDE
  • 10.3.1–10.3.6 – Ensure audit logs contain essential fields and metadata
  • 10.5.2 – Protect audit trail files from modification
  • 10.6 – Review logs and detect anomalies

Requirement 11: Regularly test security systems and processes

  • 11.4 – Intrusion detection/prevention
  • 11.5 – Change detection for critical file integrity

The assessment covers many AWS services, including IAM, VPC, S3, CloudTrail, RDS, and GuardDuty.
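To show how the Requirement 8 controls listed above turn into concrete checks on IAM evidence, here is an added example (not code from the assessment product or from the original page). It evaluates an account password policy against 8.2.3, 8.2.4 and 8.2.5, and a credential report against 8.1.4 (inactive accounts) and 8.3.1 (MFA for console-capable principals). It is pure Python with no AWS calls: the policy dicts are constructed to mirror the `PasswordPolicy` object returned by IAM `GetAccountPasswordPolicy`, the credential report is a constructed subset of the columns in the `GetCredentialReport` CSV, and the assessment time `NOW` is fixed so it runs offline. The weak and hardened policies are shown side by side so the failing and passing cases are both visible.

```python
"""PCI DSS 3.2.1 Requirement 8 checks against IAM evidence (added example).

Inputs mirror two real IAM API responses: the PasswordPolicy dict from
GetAccountPasswordPolicy and the CSV body from GetCredentialReport. All
sample values below are constructed; nothing here calls AWS.
"""
import csv
import io
from datetime import datetime, timedelta

NOW = datetime.fromisoformat("2024-03-01T00:00:00+00:00")  # constructed assessment time
INACTIVE_DAYS = 90                                          # 8.1.4 threshold

# Weak policy: 6-character minimum, no expiry (MaxPasswordAge absent), 2-deep history.
WEAK_POLICY = {"MinimumPasswordLength": 6, "RequireNumbers": True,
               "RequireLowercaseCharacters": True, "PasswordReusePrevention": 2}
# Hardened policy that satisfies 8.2.3, 8.2.4 and 8.2.5.
HARDENED_POLICY = {"MinimumPasswordLength": 14, "RequireNumbers": True,
                   "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
                   "RequireSymbols": True, "MaxPasswordAge": 90, "PasswordReusePrevention": 24}

# Constructed credential report (a subset of the real report's columns).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,2022-01-01T00:00:00+00:00,not_supported,2024-01-05T00:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
alice,2023-01-01T00:00:00+00:00,true,2024-02-20T10:00:00+00:00,true,true,2023-11-01T00:00:00+00:00,2024-02-28T09:00:00+00:00,false,N/A,N/A
bob,2023-01-15T00:00:00+00:00,true,no_information,false,false,N/A,N/A,false,N/A,N/A
carol,2022-06-01T00:00:00+00:00,false,N/A,false,true,2023-05-01T00:00:00+00:00,2023-08-01T12:00:00+00:00,false,N/A,N/A
dave,2022-06-01T00:00:00+00:00,false,N/A,false,false,2023-05-01T00:00:00+00:00,N/A,false,N/A,N/A
erin,2024-02-25T00:00:00+00:00,true,no_information,true,false,N/A,N/A,false,N/A,N/A
"""


def check_password_policy(policy):
    """Map a PasswordPolicy dict (or None when IAM raised NoSuchEntity) to
    {requirement: (passed, detail)} for 8.2.3, 8.2.4 and 8.2.5."""
    if policy is None:  # no policy at all: every control fails; do not crash on missing keys
        return {r: (False, "no account password policy") for r in ("8.2.3", "8.2.4", "8.2.5")}
    length = policy.get("MinimumPasswordLength", 0)
    alpha = policy.get("RequireUppercaseCharacters", False) or policy.get("RequireLowercaseCharacters", False)
    digits = policy.get("RequireNumbers", False)
    max_age = policy.get("MaxPasswordAge")         # absent when password expiration is disabled
    reuse = policy.get("PasswordReusePrevention")  # absent when no password history is kept
    return {
        # 8.2.3: at least 7 characters containing both numeric and alphabetic characters
        "8.2.3": (length >= 7 and alpha and digits, f"length={length} alpha={alpha} numeric={digits}"),
        # 8.2.4: passwords must expire at least every 90 days
        "8.2.4": (max_age is not None and max_age <= 90, f"MaxPasswordAge={max_age}"),
        # 8.2.5: none of the last four passwords may be reused
        "8.2.5": (reuse is not None and reuse >= 4, f"PasswordReusePrevention={reuse}"),
    }


def _parse_ts(value):
    """Credential-report timestamps are ISO-8601; N/A, no_information and
    not_supported mean the field does not apply to that row."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_inactive_users(report_csv, now=NOW, inactive_days=INACTIVE_DAYS):
    """8.1.4: users holding an enabled credential (console password, access key 1
    or 2) not used within `inactive_days`. A credential never used counts from its
    creation/rotation date, so a brand-new user is not flagged; disabled credentials
    grant no access and are ignored; root is assessed separately."""
    cutoff = now - timedelta(days=inactive_days)
    flagged = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue
        creds = [
            (row["password_enabled"], row["password_last_used"], row["user_creation_time"]),
            (row["access_key_1_active"], row["access_key_1_last_used_date"], row["access_key_1_last_rotated"]),
            (row["access_key_2_active"], row["access_key_2_last_used_date"], row["access_key_2_last_rotated"]),
        ]
        for enabled, last_used, created in creds:
            if enabled != "true":
                continue
            last_activity = _parse_ts(last_used) or _parse_ts(created)
            if last_activity is None or last_activity < cutoff:
                flagged.append(row["user"])
                break
    return flagged


def find_users_without_mfa(report_csv):
    """8.3.1: console-capable principals (including root, whose password_enabled
    is reported as not_supported) that have no MFA device active."""
    return [row["user"] for row in csv.DictReader(io.StringIO(report_csv))
            if row["password_enabled"] in ("true", "not_supported") and row["mfa_active"] != "true"]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        for req, (ok, detail) in check_password_policy(policy).items():
            print(f"{name:9}{req} {'PASS' if ok else 'FAIL'} ({detail})")
    print("8.1.4 inactive:", find_inactive_users(SAMPLE_REPORT))  # ['bob', 'carol']
    print("8.3.1 no MFA:", find_users_without_mfa(SAMPLE_REPORT))  # ['bob']
```

Two design points worth noting. The policy check treats an absent `MaxPasswordAge` or `PasswordReusePrevention` as a failure rather than a missing value, because IAM omits those keys precisely when expiration or history is switched off, and a missing policy (`None`) fails every control instead of raising on a key lookup. The inactivity check keys off the last use of each enabled credential, not the user's creation date, so a user with a disabled password and one stale but active access key (`carol`) is still reported, while a recently created user who has never logged in (`erin`) is not.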

Upon completion, you will receive a detailed report showing which services and configurations align with PCI DSS 3.2.1 requirements, and which require remediation to reduce risk and move toward full compliance. An automated configuration review of this kind supplies evidence for, but does not replace, the Report on Compliance or Self-Assessment Questionnaire through which PCI DSS compliance is formally validated.