Windows Azure Goes PCI-Compliant

Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA).

The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. By providing PCI DSS validated infrastructure and platform services, Windows Azure delivers a compliant platform for you to run your own secure and compliant applications. You can now achieve PCI DSS certification for those applications using Windows Azure.

To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.

Visit the Trust Center for a full list of in-scope features or for more information on Windows Azure security and compliance.

The announcement was made in Scott Gu’s blog post: Windows Azure: Staging Publishing Support for Web Sites, Monitoring Improvements, Hyper-V Recovery Manager GA, and PCI Compliance

Cloud Security is a Shared Responsibility

When you use Windows Azure as your cloud platform, security is a shared responsibility. The Windows Azure team runs services with common operational practices and features across multiple geographies and jurisdictions. It is ultimately up to Azure’s users to evaluate our offerings against their requirements to determine if Azure meets regulatory needs.

As such, Microsoft is responsible for the platform, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of our customers. Customers are responsible for their environment once the service has been provisioned, including their applications, data content, virtual machines, access credentials, and compliance with regulatory requirements applicable to their particular industry and locale.

Learn more about Security in the Windows Azure Trust Center.

Azure Compliance

By providing customers with compliant, independently verified cloud services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run in Windows Azure. Microsoft provides Windows Azure customers with detailed information about our security and compliance programs, including audit reports and compliance packages, to help customers assess our services against their own legal and regulatory requirements.

The following logos summarize Windows Azure’s compliance.

[Logos: FedRAMP, Payment Card Industry, G-Cloud Impact Level 2 Accreditation]

 

References

Windows Azure Trust Center