By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Up-to-date AOC (PCI DSS Compliance)

0

I wanted to obtain the latest AOC issued to prove AWS’ compliance with PCI DSS. I found the latest document in the AWS Artifact. The name of the document claims that it is the latest report valid until dec 2023. However, upon opening the document and following the instructions that led me to the AOC, I see only outdated documentation, dated 2018. Where can I find the latest AOC? As this information is supposed to be publicly available, I would expect that anyone can find and access it, but it seems not ti be the case.

2 Answers
3

Hi,

I understand you would like to know where to find the latest Attestation of Compliance (AOC) for PCI DSS.

The only place to find the latest AOC for PCI DSS compliance is on AWS Artifact, which is publicly available.

The latest reporting period under the AWS reports show December 27, 2022 to December 27, 2023. However, when you download the report, and click on the Attachment Icon, you will see two pdf files. (AWS_2022_FALL_PCI_DSS_v3.2.1_AOC_Final_Executed_Signed.pdf) and (AWS PCI Responsibility Summary_Fall_Final.pdf)

To your question: I see only outdated documentation, dated 2018. Where can I find the latest AOC? The documentation is not outdated. Yes, the first page on the first pdf shows June 2018, but if you navigate to Section 3 (Validation and Attestation Details) on page 24/25, you will see the updated date of 12/27/2022 for AOC attestation.

Additionally, the second pdf file (AWS PCI Responsibility Summary_Fall_Final.pdf) page 71 downwards explains the responsibility of PCI requirements for AWS, and it is up-to-date. New Compliance Reports are automatically added to AWS Artifact as they become available.

I hope this helps. Let me know if I answered your question or if you have any follow-up.

Kind regards, Ahmed

References:

[1] https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html [2] https://aws.amazon.com/artifact/getting-started/

profile pictureAWS
EXPERT
answered 2 years ago
0

The 2018 date you see is the date the document template for the specific version (v3.2.1) of PCI-DSS attestation was created. If you scroll down to Page 24 of that document, you will see the attestation date of 12/27/2022 as you expect.

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions