We are pleased to announce that MongoDB Atlas is now officially PCI DSS compliant and certified as a Service Provider. That means we've completed an on-site assessment with a Report on Compliance (ROC) and Attestation of Compliance (AOC), signed by an independent Qualified Security Assessor.
PCI DSS compliance is needed whenever an organization handles credit card payments, to ensure that the processing of those credit cards, and of the cardholder data, is done securely. An organization that wants to handle credit cards needs to manage its own PCI DSS compliance certification, and PCI DSS requirements cover every element of a system. Now that MongoDB Atlas is already certified as compliant, that process becomes simpler because the Qualified Security Assessor (QSA) can rely on the MongoDB Atlas AOC without having to perform further testing.
We are also pleased to announce that, further to our certification, we have become members of the PCI Security Standards Council, with the ability to review and provide feedback on future standards. This membership further demonstrates our commitment to payment card data security within MongoDB Atlas.
MongoDB Atlas Security Highlights
- Atlas Clusters can be configured to support TLS 1.2.
- Atlas Clusters can be VPC peered with your application cloud so that all communications happen over private networks.
- Atlas allows you to bring your own key management provider to the MongoDB encrypted storage engine for stronger at-rest encryption.
- Applications can use client-side field level encryption (in beta), allowing fields to be encrypted before they are sent to MongoDB Atlas.
Do you want to know more? We have a full FAQ with all the details you need to know.