Hey everyone, I have some important news to share with you. If you are using Microsoft Azure to store, process or transmit cardholder data, you need to be aware of a recent change in the PCI DSS scope. PCI DSS stands for Payment Card Industry Data Security Standard, and it is a set of requirements that apply to any organization that handles credit or debit card information. The scope defines what parts of your system are subject to PCI DSS compliance.
Previously, Microsoft Azure was considered a PCI DSS validated service provider, meaning that some of its services were already compliant and could reduce your scope. However, as of March 2023, Microsoft has announced that it will no longer maintain its PCI DSS validation for Azure. This means that all Azure services are now out of scope for PCI DSS, and you are responsible for ensuring that your own environment meets the PCI DSS requirements.
This is a significant change that may affect your compliance status and your security posture. You should review your current use of Azure services and determine if you need to make any changes to your architecture, configuration, policies or procedures. You should also consult with your Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) to verify your compliance level and identify any gaps or risks.
If you have any questions or concerns about this change, please feel free to reach out to me or leave a comment below. I will try to answer them as best as I can.
Thank you for reading and stay safe!