This article provides information regarding Payment Card Industry Data Security Standard (PCI DSS) compliance and how Okta achieves this standard.
- Okta Classic Engine
- Okta Identity Engine (OIE)
- Payment Card Industry (PCI)
- Data Security Standard (DSS)
- PCI DSS
The PCI DSS is designed to reduce the risk of debit and credit card data loss. The standard's controls outline methods to prevent and detect data loss and describe how to respond if a potential data loss occurs.
In 2018, a commitment was announced to support customers who use the service to protect cardholder data environments by releasing the PCI DSS Self-Assessment Questionnaire D (SAQ-D) Attestation of Compliance (AOC) for the Identity as a Service (IDaaS) service. Currently, the SAQ-D is assessed by a Qualified Security Assessor (QSA) and is available for download.
To access the PCI DSS SAQ-D AOC, administrators of current customers must sign in to the Okta Support Center. The AOC can be downloaded directly by current customer administrators and primary contacts from the Okta Security Trust Center.
If a version newer than 4.0.1 is not listed, the latest available AOC has not yet been publicly updated. To ensure access to the most recent version as soon as it becomes available, verify that the administrator or primary contact has access to the Trust Center. If access is missing, an Account Executive can help add the appropriate contact. Prospective customers interested in accessing the AOC should contact an account representative.
