The Payment Card Industry Data Security Standard (PCI DSS), maintained by the Security Standards Council, is a set of security requirements to protect cardholder data environments (CDEs) where payment card data is stored, processed, or transmitted. PCI DSS provides a baseline of rigorous technical and operational requirements designed to protect CDEs.
We’re excited to share that New Relic has achieved PCI DSS Level 1 certification. As a PCI Level 1 service provider, New Relic customers can rely on us to meet their monitoring needs and centralize tooling across both PCI-regulated environments and not.
Intelligent Observability to meet your compliance obligations
Logging and monitoring: Requirement 10 in PCI DSS version 4.0 sets stringent requirements for log retention and monitoring. With New Relic, you can customize your logging retention and monitoring using our Live Archives feature. You can further configure automated alerts for continuous monitoring of log events and tailor alerts to focus on critical actions to mitigate alert fatigue.
Centralized vulnerability reporting: Requirement 11 focuses on vulnerability management and testing practices for custom software. With New Relic Vulnerability Management you can centralize your vulnerability monitoring and reporting across your environment, including both software and infrastructure. Reduce toil for both developers and security teams by centralizing vulnerabilities from multiple scanning platforms and provide a single source of truth for triaging them.
One place to view your infrastructure: Requirement 12 includes standards for validating your PCI DSS scope, including an inventory of your system components. With New Relic, you can consolidate both on-premises and cloud infrastructure. Break down silos of reporting across environments and enrich your data for intelligent monitoring and insights on business risk.
Next steps
New Relic customers with PCI DSS obligations can use our platform to meet their own compliance requirements. Existing customers can inquire with their account team for a copy of our Attestation of Compliance (“AOC”).
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.
