PCI DSS is an information security standard developed by the PCI Security Standards Council and applies to all entities that store, process, and/or transmit cardholder data.
Yes, MongoDB Cloud has achieved PCI DSS 3.2.1 certification as of September 8, 2020.
Yes. MongoDB Cloud is a PCI DSS certified service provider. Depending on a customer’s selection, MongoDB Atlas runs MongoDB on Amazon Web Services (AWS), Google Cloud Platform (GCP), and/or Microsoft Azure, which are each PCI DSS compliant. More details about PCI DSS compliance for these cloud providers can be found on their respective websites:
No. Customers must manage their own PCI DSS compliance certification, and additional testing will be required to verify that your environment satisfies all PCI DSS requirements. However, for the portion of the PCI cardholder data environment (CDE) in MongoDB Cloud, your Qualified Security Assessor (QSA) can rely on the MongoDB Cloud Attestation of Compliance (AOC) without further testing.
The MongoDB Cloud PCI Attestation of Compliance (AOC) is available upon request. Please contact us for more information.
There are several features available in MongoDB Atlas that may help towards PCI DSS compliance, including:
Coalfire Systems, Inc. is the independent QSA for MongoDB.