MongoDB Achieves Independent Validation for PCI DSS Compliance

NEW YORK, NY—September 23, 2019— MongoDB, Inc. (NASDAQ: MDB), the leading, modern, general purpose database platform, today announced that its global cloud database, MongoDB Atlas, has been independently validated as a Payment Card Industry Data Security Standard (PCI DSS) certified service provider. Following an extensive audit process, the certification was issued by an independent Qualified Security Assessor (QSA).

“At MongoDB, we’re committed to providing built-in, best-in-class security features to our customers,” said Lena Smart, Chief Information Security Officer, MongoDB. “We’ve placed a premium on making MongoDB Atlas as secure as possible so customers are fully confident in running mission-critical workloads in the public cloud.”

PCI DSS is an information security standard developed by the PCI Standards Security Council which applies to all entities that store, process and/or transmit cardholder data. The PCI Standard was created to increase baseline technical, physical and operational security controls necessary for protecting payment card account data. The PCI DSS requirements apply to all system components included in or connected to the cardholder data environment. Along with certification, MongoDB is now a member of the PCI Security Standards Council with the ability to review and provide feedback on future standards.

“MongoDB Atlas is being used across the globe for business-critical applications in the most demanding industries, and providing best-in-class security capabilities and compliance certifications is a major part of that,” said Sahir Azam, SVP Cloud Products & GTM. “Securely handling credit card payments is foundational for online business worldwide, and our PCI compliance certification expands MongoDB’s mission in providing the leading global cloud database across all major cloud providers.”

Attaining PCI compliance is the latest in a series of global information security standards that MongoDB Atlas complies with, meeting the criteria for stringent workloads. These global information security standards include SOC2 and ISO27001:2013. Additionally, MongoDB Atlas assists customers with GDPR compliance and is HIPAA ready.

This spring, MongoDB received Security Technical Implementation Guide (STIG) approval from the Defense Information Systems Agency (DISA), making it the first non-relational database to do so. This approval allows U.S. Department of Defense (DoD) agencies to deploy MongoDB within certain DoD networks.

In June, MongoDB announced its new client-side field-level encryption capability in version 4.2. Most databases handle encryption on the server-side, but client-side field-level encryption changes that by providing automatic, transparent encryption, separation of duties and regulatory compliance.

Further Resources:

• MongoDB Trust Center

• MongoDB Atlas Security Whitepaper

• MongoDB Security Center

• Client-side field-level encryption documentation

About MongoDB

MongoDB is the leading modern, general purpose database platform, designed to unleash the power of software and data for developers and the applications they build. Headquartered in New York, MongoDB has more than 15,000 customers in over 100 countries. The MongoDB database platform has been downloaded over 70 million times and there have been more than one million MongoDB University registrations.