Frequently asked questions about PCI DSS

Frequently asked questions about PCI DSS

  • What's PCI DSS certification?

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of information security standards for payment cards jointly promoted by five international credit card organizations (including ISA, JCB, and Mastercard).


    The PCI DSS specifies twelve requirements for compliance, organized into six logically related groups: 1) build and maintain secure networks and systems; 2) protect cardholder data; 3) maintain a vulnerability management program; 4) implement strong access control measures; 5) regularly monitor and test networks; 6) maintain an information security policy. Through these, the PCI DSS helps protect the security of cardholder data and sensitive verification data.


    Huawei Cloud has earned PCI DSS level-1 certification (highest level) based on the 4.0 version. This certifies Huawei Cloud's ability to protect your sensitive data. Huawei Cloud also provides various products to help you ensure compliance with the PCI DSS standard.


    In addition, Huawei Cloud invites third-party organizations to periodically review its information security management systems based on changing conditions. This enables Huawei Cloud services to always deliver leading data protection capabilities.

  • What organizations or entities need PCI DSS certification?

    PCI DSS certification may be needed for any entity participating in payment card handling, including merchants, processors, receipt agencies, card issuers, and service providers. It may also be needed by entities that store, process, or transmit cardholder data and other sensitive information.


    It is advisable that other entities who do not handle cardholder data but are still involved in relevant activities improve their ability in implementing data protection by conforming to relevant PCI DSS requirements.

  • Which Huawei Cloud services are covered by PCI DSS certification?

    The PCI DSS certification covers over 150 Huawei Cloud services, including but not limited to Advanced Anti-DDoS (AAD), Web Application Firewall (WAF), Data Encryption Workshop (DEW), and Database Security Service (DBSS). You can download Huawei Cloud's PCI DSS certificate from Compliance Certificates.


    If you would like to learn more about our products, please contact us.

  • Which of the PCI DSS requirements are intended for me as a cloud service user?

    The PCI DSS specifies 12 requirements for compliance, such as installing and maintaining a firewall configuration to protect cardholder data, and changing vendor-supplied defaults for system passwords and other security parameters. This helps organizations protect the cardholder data they possess. In "Huawei Cloud Practical Guide for PCI DSS", you can find the purpose of each requirement and the separate responsibilities of both yourself and Huawei Cloud.

  • Can my organization become PCI DSS-certified automatically by using Huawei Cloud?

    Huawei Cloud helps you deploy PCI DSS-compliant cloud environments, but using services provided by Huawei Cloud does not certify your organization's compliance with the PCI DSS. If you wish to be certified by PCI DSS, contact a Qualified Security Assessor authorized by the PCI Security Standards Council to evaluate your system. The scope typically covers all components of your system that handles cardholder data.

  • What PCI DSS resources can Huawei Cloud provide to me?

    Huawei Cloud provides a practical guide for PCI DSS that explains the purpose of each PCI DSS requirement as well as Huawei Cloud's responsibilities in working towards PCI DSS compliance. You can use this document to guide your practices and your choice of relevant Huawei Cloud services.