PCI DSS Compliance Mandates
As formulated by the PCI Security Standards Council, the mandates of PCI DSS compliance include:
- Developing and maintaining a security policy that covers all aspects of the business
- Installing firewalls to protect data
- Encrypting cardholder data that is transmitted over public networks
- Using anti-virus software and updating it regularly
- Establishing strong passwords and other cyber security protocols
- Enforcing rigid access controls and monitoring access to account data
For large merchants that conduct high volumes of online financial transactions, PCI DSS compliance is enforced by annual validations performed by an independent Qualified Security Assessor (QSA).
For PCI compliance, Akamai performs a quarterly third-party external penetration test of the Secure CDN. Results of these quarterly penetration tests, along with compliance documentation and/or certification, are available to customers under NDA.
The Attestation of Compliance (AoC) serves as evidence for our customers that Akamai's Secure CDN is compliant with the PCI DSS v. 3.2.1 security standard. This AoC is effective as of June 27, 2019 and is located here. The Responsibility Matrix is also available here.