%0 Journal Article %@ 16135113 %A Shabina %A Ali, R.F. %A Jahankhani, H. %A Siddiqi, Y. %A Hassan, B. %D 2024 %F scholars:20035 %I Springer %J Advanced Sciences and Technologies for Security Applications %P 185-216 %R 10.1007/978-3-031-52272-7₈ %T Ensuring Securing PII Data in the AWS Cloud: A Comprehensive Guide to PCI DSS Compliance %U https://khub.utp.edu.my/scholars/20035/ %V Part F %X According to the PCI Security Standards Council, ensuring compliance with the Payment Card Industry Data Security Standard is essential for protecting sensitive cardholder data (Elluri et al. in An integrated knowledge graph to automate GDPR and PCI DSS compliance. IEEE, Seattle, WA, pp. 1266â��1271, 2018 1). Maintaining PCI DSS compliance poses additional difficulties in a changing environment where cloud computing usage is increasing, particularly within Amazon Web Services (AWS). This abstract explores the value of PCI DSS compliance, the consequences of non-compliance, and the crucial role that AWS plays in enabling and maintaining PCI DSS compliance within cloud systems. It is the obligation of organizations trusted with cardholder data to adhere to a strict set of security measures outlined in PCI DSS compliance. Beyond simple regulatory violations, failure to satisfy these requirements can have far-reaching financial repercussions, reputational damage, and increased vulnerability to data breaches. Notably, the broad range of services and features built into the AWS cloud platform give users a toolbox to comply with PCI DSS requirements. AWS offers a foundational infrastructure that is intrinsically secure, allowing organizations to build and deploy environments that seamlessly comply with PCI DSS requirements. The compliance posture is strengthened by this fortified foundationâ��s incorporation of a variety of capabilities, including encryption methods, tokenization, Role based data filter and access control, careful network segmentation and diligent access control systems (AWS in Payment card industry data security standard (PCI DSS) 3.2.1 on AWS, 2023a 2). Adopting a number of advised practices is necessary to achieve PCI DSS compliance within AWS. These include the creation of strong incident response and recovery protocols, the imposition of strict access protocols, the use of thorough logging and vigilant monitoring tools, the execution of periodic vulnerability assessments, and the design and implementation of secure network architectures. By providing essential services like AWS CloudTrail for audit facilitation, AWS Identity and Access Management (IAM) for streamlined identity governance, and AWS Config. for ongoing compliance validation, AWS further supports these efforts (Sondhi in PCI 3DS whitepaper, 2020 3). These best practices must be adhered to without wavering, and AWSâ��s collection of compliance-focused technologies must be strategically used, in order to reduce the difficulties associated with maintaining PCI DSS compliance in the dynamic AWS cloud environment. The abstract emphasizes the importance of PCI DSS compliance, clarifies the consequences of non-compliance, and emphasizes AWSâ��s crucial role in creating and assuring compliance within cloud frameworks. The abstract provides a solid framework for further research and academic investigation into this important area by clearly outlining these elements. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024. %Z cited By 0