AnnouncementIntroducing MongoDB 8.0, the fastest MongoDB ever! Read more >
NEWSLearn why MongoDB was named a leader in the 2024 Gartner® Magic Quadrant™ Read the blog >
AnnouncementIntroducing Search Demo Builder, the newest addition to the Atlas Search Playground Learn more >

Back to Trust Center


PCI DSS—for Atlas for Government

The Payment Card Industry Data Security Standard (PCI DSS) applies to all entities that store, process, or transmit cardholder data. MongoDB Atlas for Government has been validated as a PCI-compliant service provider by Schellman Compliance, LLC, an independent Qualified Security Assessor (QSA).

Existing customers can request documentation here. Prospective customers, please contact us.

What is PCI DSS?

PCI DSS is an information security standard developed by the PCI Standards Security Council, and it applies to all entities that store, process, or transmit cardholder data.

Is MongoDB Cloud PCI DSS certified?

Currently, MongoDB Atlas for Government has achieved PCI DSS 4.0 as of January 2025.

I am a PCI DSS merchant. Can I store cardholder data on MongoDB Atlas for Government?

Yes. MongoDB Atlas for Government is a PCI DSS-certified service provider. Depending on a customer’s selection, MongoDB Atlas runs MongoDB on Amazon Web Services (AWS) and Google Cloud, which are each PCI DSS compliant. More details about PCI DSS compliance for these cloud providers can be found on their respective websites:

If I use MongoDB Atlas for Government for storing, processing, or transmitting cardholder data, will I be automatically compliant with PCI DSS?

No. Customers are responsible for managing their own PCI DSS compliance certification. Additional testing will be required to verify that your environment satisfies all PCI DSS requirements. However, for the portion of the PCI cardholder data environment (CDE) in MongoDB Atlas for Government, your Qualified Security Assessor (QSA) can rely on the MongoDB Cloud Attestation of Compliance (AOC) without further testing.

Where can I download the PCI DSS certificate for MongoDB Atlas for Government?

The MongoDB Atlas for Government PCI Attestation of Compliance (AOC) is available upon request.

Existing customers can request documentation here. Prospective customers, please contact us.

Which security features can help towards my PCI DSS compliance?

There are several features available in MongoDB Atlas that may help towards PCI DSS compliance, including:

Who is the Qualified Security Assessor (QSA) for MongoDB?

Schellman Compliance, LLC is the independent QSA for MongoDB.

Which MongoDB services are in the scope of the PCI DSS certification?

The scope of PCI DSS 4.0 certification includes MongoDB Atlas, Atlas App Services, MongoDB Charts, Atlas Serverless, Cloud Manager, MongoDB Atlas Data Lake, MongoDB Atlas Data Federation, Atlas Search, and MongoDB Atlas for Government. Any products or features that are in beta, preview, or similar are not in scope.