حدث
١٧ جمادى الأولى، ١١ م - ١٩ جمادى الأولى، ١١ م
حماية مؤسستك من خلال حلول مدعومة الذكاء الاصطناعي تم إنشاؤها عبر الأنظمة الأساسية والبيئات السحابية في Microsoft Ignite عبر الإنترنت.
تسجيل الآنلم يعد هذا المتصفح مدعومًا.
بادر بالترقية إلى Microsoft Edge للاستفادة من أحدث الميزات والتحديثات الأمنية والدعم الفني.
The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands, Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.
Microsoft completed an annual PCI DSS assessment using an approved Qualified Security Assessor (QSA). The auditors reviewed Microsoft Azure, Microsoft OneDrive for Business, and Microsoft SharePoint Online environments, which include validating the infrastructure, development, operations, management, support, and in-scope services. The PCI DSS designates four levels of compliance based on transaction volume. Azure, OneDrive for Business, and SharePoint Online are certified as compliant under PCI DSS version 3.2 at Service Provider Level 1 (the highest volume of transactions, more than 6 million a year).
The assessment results in an Attestation of Compliance (AoC), which is available to customers and Report on Compliance (RoC) issued by the QSA. The effective period for compliance begins upon passing the audit and receiving the AoC from the assessor and ends one year from the date the AoC is signed.
Customers who want to develop a cardholder environment or card processing service can use these validations in many of the underlying portions, thereby reducing the associated effort and costs of getting their own PCI DSS certification.
It is important to understand that PCI DSS compliance status for Azure, OneDrive for Business, and SharePoint Online does not automatically translate to PCI DSS certification for the services that customers build or host on these platforms. Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements.
For more information about Azure, Dynamics 365, and other online services compliance, see the Azure PCI DSS offering.
Microsoft Office 365 is a multi-tenant hyperscale cloud platform and an integrated experience of apps and services available to customers in several regions worldwide. Most Office 365 services enable customers to specify the region where their customer data is located. Microsoft may replicate customer data to other regions within the same geographic area (for example, the United States) for data resiliency, but Microsoft will not replicate customer data outside the chosen geographic area.
This section covers the following Office 365 environments:
Use this section to help meet your compliance obligations across regulated industries and global markets. To find out which services are available in which regions, see the International availability information and the Where your Microsoft 365 customer data is stored article. For more information about Office 365 Government cloud environment, see the Office 365 Government Cloud article.
Your organization is wholly responsible for ensuring compliance with all applicable laws and regulations. Information provided in this section does not constitute legal advice and you should consult legal advisors for any questions regarding regulatory compliance for your organization.
Use the following table to determine applicability for your Office 365 services and subscription:
Applicability | In-scope services |
---|---|
Commercial | OneDrive for Business, SharePoint Online |
Why does the Attestation of Compliance (AoC) cover page say 'September 2022'?
The September 2022 date on the cover page is when the AoC template was published. Refer to Section 2 for the date of the assessment.
What is the relationship between the PA DSS and PCI DSS?
The Payment Application Data Security Standard (PA DSS) is a set of requirements that comply with the PCI DSS, and replaces Visa's Payment Application Best Practices, and consolidates the compliance requirements of the other primary card issuers. The PA DSS helps software vendors develop third-party applications that store, process, or transmit cardholder payment data as part of a card authorization or settlement process. Retailers must use PA DSS certified applications to efficiently achieve their PCI DSS compliance. The PA DSS does not apply to Azure.
What is an acquirer and does Azure use one?
An acquirer is a bank or other entity that processes payment card transactions. Azure does not offer payment card processing as a service and thus does not use an acquirer.
To what organizations and merchants does the PCI DSS apply?
PCI DSS applies to any company, no matter the size, or number of transactions, that accepts, transmits, or stores cardholder data. That is, if any customer ever pays a company using a credit or debit card, then the PCI DSS requirements apply. Companies are validated at one of four levels based on the total transaction volume over a 12-month period. Level 1 is for companies that process over 6 million transactions a year; Level 2 for 1 million to 6 million transactions; Level 3 is for 20,000 to 1 million transactions; and Level 4 is for fewer than 20,000 transactions.
What is in-scope for OneDrive for Business and SharePoint Online?
Currently, only files and documents uploaded to OneDrive for Business and SharePoint Online will be compliant with PCI DSS.
Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.
حدث
١٧ جمادى الأولى، ١١ م - ١٩ جمادى الأولى، ١١ م
حماية مؤسستك من خلال حلول مدعومة الذكاء الاصطناعي تم إنشاؤها عبر الأنظمة الأساسية والبيئات السحابية في Microsoft Ignite عبر الإنترنت.
تسجيل الآن