PCI Compliance Framework for Instaclustr Services

This document is a technical report that outlines the PCI compliance framework for specific services offered by Instaclustr. It details the configurations that fall under the PCI compliance claims and provides an overview of the controls in place. The report specifies that services such as Apache Cassandra, Apache Kafka, OpenSearch, Redis, MongoDB, and Cadence can be provisioned in a PCI-compliant manner, with certain requirements for customers wishing to operate in PCI mode. It also highlights the necessity for dedicated underlying services and the supported cloud platforms, which are Amazon Web Services and Google Cloud Platform. Furthermore, the document describes the responsibilities of both Instaclustr and its customers in maintaining PCI compliance, including the need for encryption of Primary Account Numbers and the implementation of firewall rules. A PCI Responsibilities Matrix is included to clarify the obligations of both parties in ensuring compliance with PCI standards.