DataStax Astra DB Achieves PCI DSS 3.2.1 Compliance

DataStax is excited to announce that Astra DB on AWS has received an attestation of PCI DSS 3.2.1 compliance from Coalfire, marking a significant milestone in delivering the security and safety of our customers storing Customer Card Data (CCD) on Astra. We understand that our customers trust Astra DB as their platform of choice and that sensitive data must be protected to the highest standard. We are committed to maintaining and demonstrating the highest levels of security and privacy in order to protect that data. Read on to learn more about what PCI compliance means and the steps we took to achieve it.

Why PCI compliance matters

The PCI DSS requires companies to maintain a secure environment for handling all types of payment information, including credit card, debit card, and electronic check information. If your applications or services deal with this data and you require your services to be PCI compliant, it's important to ensure that any third-party services or providers that you use can support this standard. Using services or providers who have not taken the necessary security precautions could compromise your environment and/or compliance. 

What does it mean for Astra DB to be PCI Compliant? 

It means that we have taken the necessary steps within the Astra database service to protect data in accordance with the PCI DSS best practices and requirements. DataStax is continually evaluating and expanding our security program. PCI compliance joins a host of security features and protections, including our existing SOC2 compliant security program based on industry best practices across access control, strong authentication, encryption, network security, governance, risk management, and secure software development.

What does it mean to you that Astra DB on AWS is PCI Compliant? 

This attestation complements your own controls as you look to ensure your full stack is compliant. The attestation of Astra’s PCI compliance comes from an independent 3rd party (Coalfire) qualified to objectively assess DataStax’s ability to deliver against the aforementioned controls, so you can rest assured that DataStax is a trusted provider to support your ongoing PCI compliance.

DataStax is committed to ensuring the highest level of protection for your data and the sensitive data of your customers. We’ll continue to communicate new areas that enhance the security of your deployments and help to build trust in DataStax as the environment of choice for all of your data and applications. 

For more information on Astra's PCI compliance see the PCI Whitepaper, and for more information on Astra's overall security see the Security Whitepaper.