Sign in to my dashboard Create an account
Menu
Magnify glass on gray background

Payment Card Industry Data Security Standard (PCI DSS)

November 2023

Compliance with the PCI DSS is required of all companies that process, store, or transmit credit card information through the five major payment card brands. Amazon FSx for NetApp ONTAP and Instaclustr™ by NetApp® have been certified as compliant with the PCI DSS at Level 1—the highest level of transactions. 

The PCI DSS is a set of security standards designed to improve payment account security and prevent fraud throughout the transaction process by increasing control of credit card data. Compliance with the PCI DSS is required of all companies that process, store, or transmit credit card information through the five major payment card brands: American Express, Discover, the Japan Credit Bureau (JCB), MasterCard, and Visa.

Based on the total transaction volume over a 12-month period, companies are evaluated and classified at one of four levels, ranging from Level 1 for companies processing over 6 million transactions annually to Level 4 with fewer than 20,000 transactions a year.

The PCI Security Standards Council (PCI SSC), an independent body created by the major payment card corporations, sets the standards, administers them, and manages their ongoing evolution.

NetApp and the PCI DSS

Amazon FSx for NetApp ONTAP certification of compliance with PCI DSS is maintained by Amazon Web Services (AWS), which is certified as a Level 1 service provider. The compliance assessment was conducted by Coalfire Systems Inc., an independent Qualified Security Assessor (QSA), which issued the Attestation of Compliance.  

Instaclustr by NetApp undergoes an annual PCI audit to confirm that it is maintaining the strict security protocols required by the payment card industry. NetApp engages Foregenix, a QSA, to validate compliance with the PCI DSS through an assessment that includes quarterly vulnerability scans. After performing the requisite audits, Foregenix issued an Attestation of Compliance at Level 1.  

Note that the PCI DSS compliance of these NetApp services don’t translate automatically to PCI DSS certification for the services that customers run on our services. Customers must manage their own PCI DSS compliance certification and engage their own QSA to validate that their environment complies with PCI DSS requirements. 

NetApp in-scope products and services

  • Amazon FSx for NetApp ONTAP 

Instaclustr has five main offerings covered by PCI DSS certification, which are currently restricted to Amazon Web Services (AWS) and Google Cloud Platform (GCP): 

Audits, reports, and certificates

Frequently asked questions

Where can I get more information about the PCI DSS compliance of these NetApp services?

What benefits does the PCI DSS certification of Instaclustr bring to customers who are not using the PCI option?

The Instaclustr management network, which deploys, manages, and monitors all components of a customer’s data infrastructure, must comply with all required PCI DSS controls. This means that even customers who do not elect PCI-level security on their own managed infrastructure still benefit from Instaclustr’s strict adherence to PCI DSS security policies.

Back To Top

More information

Drift chat loading