Commit 054b465

update
1 parent 5a08989 commit 054b465

2 files changed

+37
-4
lines changed

articles/payment-hsm/certification-compliance.md

Lines changed: 24 additions & 4 deletions
@@ -14,11 +14,31 @@ ms.author: mbaldwin
1414

1515
# Certification and compliance
1616

17-
The Azure Payment HSM service is PCI PIN, PCI DSS, and PCI 3DS compliant.
17+
Azure maintains the largest compliance portfolio in the industry. For details, see [Microsoft Azure Compliance Offerings](https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/), Each offering description provides an up to-date-scope statement and links to useful downloadable resources.
1818

19-
- [Azure - PCI PIN - 2022 Package](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=52eb9daa-f254-4914-aec6-46d40287a106) – Microsoft Azure PCI PIN Attestation of Compliance (AOC) report for Azure Payment HSM.
20-
- [Azure - PCI DSS - 2022 Package](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=b9cc20e0-38db-4953-aa58-9fb5cce26cc2&tab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb&docTab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb_PCI_DSS) – Contains the official PCI DSS certification reports and shared responsibility matrices. The PCI DSS AOC includes the full list of PCI DSS certified Azure offerings and regions. Customers can use Azure's PCI DSS AOC during their PCI DSS assessment.
21-
- [Azure - PCI 3DS - 2022 Package](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=45ade37c-753c-4392-8321-adc49ecad12c&tab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb&docTab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb_PCI_DSS) – Contains the official PCI 3DS certification report, shared responsibility matrix, and whitepaper. The PCI 3DS AOC includes the full list of PCI 3DS certified Azure offerings and regions. Customers can use Azure’s PCI 3DS AOC during their PCI 3DS assessment.
19+
Azure payment HSM meets following compliance standards:
20+
21+
- PCI DSS
22+
- PCI PIN
23+
- PCI 3DS
24+
- CSA STAR Certification
25+
- CSA STAR Attestation
26+
- ISO 20000-1:2018
27+
- ISO 22301:2019
28+
- ISO 27001:2013
29+
- ISO 27017:2015
30+
- ISO 27018:2019
31+
- ISO 27701:2019
32+
- ISO 9001:2015
33+
- SOC 1, 2, 3
34+
- Germany C5
35+
36+
To download latest certification and attestation reports, please go to [Service Trust Portal Home Page (microsoft.com)](https://servicetrust.microsoft.com/ViewPage/HomePageVNext)
37+
38+
For example, the latest PCI certification reports and shared responsibility matrices are:
39+
- [Azure PCI PIN V3.1](https://servicetrust.microsoft.com/DocumentPage/52eb9daa-f254-4914-aec6-46d40287a106) (2022-09-16)
40+
- [Azure PCI DSS V4.0](https://servicetrust.microsoft.com/DocumentPage/3be58cb9-de55-426b-9c3d-0ba90dd29572) (2023-03-07)
41+
- [Azure PCI 3DS V1.0](https://servicetrust.microsoft.com/DocumentPage/a9fe4984-3c73-4abf-bf88-a197c3821690) (2023-03-07)
2242

2343
Thales payShield 10K HSMs are certified to FIPS 140-2 Level 3 and PCI HSM v3.
2444
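Review bot: the list that replaces old lines 19-21 drops the guidance that customers can use Azure's AOCs during their own PCI DSS and PCI 3DS assessments and that each AOC lists the certified offerings and regions; keep one sentence to that effect above the three PCI links at new lines 39-41, since that is what tells a reader how to use the reports. New line 17 opens with an unverifiable superlative ("largest compliance portfolio in the industry"), joins two sentences with a comma before "Each", and has "up to-date-scope" where "up-to-date scope" is meant. New line 19 should read "Azure Payment HSM meets the following compliance standards:" to match the casing in the removed line 17, and new line 36 is missing "the" before "latest" and its final period. The hard-coded dates on lines 39-41 sit under the word "latest" and will go stale, so consider wording such as "as of this writing" or dropping "latest".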

articles/payment-hsm/deployment-scenarios.md

Lines changed: 13 additions & 0 deletions
@@ -38,6 +38,19 @@ For High Availability, customer must allocate HSMs between stamp 1 and stamp 2 (
3838

3939
This scenario caters to regional-level failure. The usual strategy is to completely switch the application stack (and its HSMs), rather than trying to reach an HSM in Region 2 from application in Region 1 due to latency.
4040

41+
## fastpathenabled
42+
43+
The fastpathenabled tag is an Azure Feature Exposure Control (AFEC) flag, which will enable subscriptions to connect to Payment HSM.
44+
45+
The fastpathenabled tag must be added/registered to all subscriptions that connect to Payment HSM. Enabling the fastpathenabled tag on the subscriptions with existing resources will have **no** impact on the existing resources. Follow the steps outlined in Register the [Azure Payment HSM resource providers](register-payment-hsm-resource-providers.md?tabs=azure-cli).
46+
47+
> [!NOTE]
48+
> If you have multiple subscriptions that require access to a Payment HSM, contact [Mirosoft support](support-guide.md#microsoft-support) to have all subscription IDs enabled.
49+
50+
The fastpathenabled tag must be enabled on any virtual networks that the Payment HSM uses, peered or otherwise. For instance, to peer a virtual network of a payment HSM with a virtual network of a VM, you must first add the fastpathenabled tag to the latter. Unfortunately, adding the fastpathenabled tag through the Azure portal is insufficient -- it must be done from the commandline. To o so, follow the steps outlined in [How to peer Azure Payment HSM virtual networks](peer-vnets.md?tabs=azure-cli)
51+
52+
For an MNAT scenario, ensure that you add the fastpathenabled tag with a value of `True` when creating the NAT gateway (not after the NAT gateway is created).
53+
4154
## Next steps
4255

4356
- Learn more about [Azure Payment HSM](overview.md)
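Review bot: new lines 43-52 use "fastpathenabled tag" for two different things, an AFEC flag registered on a subscription (lines 43-45) and a tag set on virtual networks and the NAT gateway (lines 50-52), and only line 52 gives the value `True`; say which mechanism applies in each case and state the required value for virtual networks as well. Line 48 misspells "Microsoft" in the link text, line 50 has "To o so" and "commandline" and lacks a final period, and on line 45 the word "Register" sits outside the link it belongs to. Line 52 says the tag must be set when the NAT gateway is created but not what to do if it was omitted; add that or link to the procedure. The heading on line 41 would read better as a descriptive title with the tag name in code formatting.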