Glossary

PCI-DSS

The Payment Card Industry Data Security Standard — rules for organisations handling credit card data.

The Payment Card Industry Data Security Standard (PCI-DSS) is the security standard for organisations that store, process, or transmit payment card data. It is maintained by the PCI Security Standards Council, which the major card brands established for that purpose. Microsoft 365 holds a PCI-DSS Attestation of Compliance (AoC) at Level 1, the highest tier; the card brands define the tiers by annual transaction volume (over 6 million transactions a year for merchants, with a lower threshold for service providers such as Microsoft), and the audit reports are published in the Service Trust Portal. That attestation covers the service itself, not your use of it: under the shared-responsibility model a customer bringing Microsoft 365 into PCI-DSS scope still has to configure the platform controls. In practice that means DLP policies that detect primary account numbers (PANs) and block them leaving the tenant, mail flow rules that encrypt any card data that is still sent by email (Requirement 4.2 expects PAN over end-user messaging to be protected with strong cryptography, and the safer control is not to send it at all), sensitivity labels that classify cardholder data, and audit logging of access to it. The Compliance Manager PCI-DSS assessment maps your tenant configuration against the standard's controls and reports the gaps.
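The configurations listed above, as an added example in Exchange Online and Security & Compliance PowerShell. This is not code from the page or from Microsoft; the policy, rule, and label names ("PCI-DSS Cardholder Data", "Cardholder Data", and so on) and the 85% confidence threshold are arbitrary choices, and it assumes the ExchangeOnlineManagement module and an account with Compliance Administrator rights.

```powershell
# Added example (not from the page): baseline PCI-DSS controls in Microsoft 365.
# Assumes the ExchangeOnlineManagement module and Compliance Administrator rights.
# All policy/rule/label names below are arbitrary and can be changed.

Connect-IPPSSession        # Security & Compliance PowerShell: DLP, labels, audit search
Connect-ExchangeOnline     # Exchange Online PowerShell: mail flow rules, audit config

# 1. DLP policy covering mail, SharePoint, OneDrive and Teams.
#    Start in test mode to review matches, then switch to -Mode Enable.
New-DlpCompliancePolicy -Name "PCI-DSS Cardholder Data" `
    -ExchangeLocation All -SharePointLocation All `
    -OneDriveLocation All -TeamsLocation All `
    -Mode TestWithNotifications

# The built-in "Credit Card Number" sensitive information type applies a Luhn check
# plus formatting/keyword evidence. minConfidence 85 trades recall for precision;
# lower it and review the false-positive rate if PANs are slipping through.
New-DlpComplianceRule -Name "Block external sharing of PAN" `
    -Policy "PCI-DSS Cardholder Data" `
    -ContentContainsSensitiveInformation @{Name="Credit Card Number"; minCount="1"; minConfidence="85"} `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All `
    -ReportSeverityLevel High

# 2. Mail flow rule: anything carrying a PAN that still leaves the tenant is
#    encrypted with Microsoft Purview Message Encryption (-ApplyOME). This is a
#    backstop for Requirement 4.2; the DLP rule above should block most of it first.
New-TransportRule -Name "Encrypt outbound mail containing PAN" `
    -MessageContainsDataClassifications @{Name="Credit Card Number"; minCount="1"} `
    -SentToScope NotInOrganization `
    -ApplyOME $true

# 3. Sensitivity label for classifying cardholder data, published tenant-wide.
New-Label -Name "Cardholder Data" -DisplayName "Cardholder Data" `
    -Tooltip "Contains payment card data (PCI-DSS scope). Do not share externally."
New-LabelPolicy -Name "Publish Cardholder Data label" `
    -Labels "Cardholder Data" -ExchangeLocation All

# 4. Audit logging: confirm unified audit log ingestion is on, then pull the last
#    week of DLP matches as evidence for Requirement 10 (logging and monitoring).
Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -RecordType ComplianceDLPExchange -Operations DlpRuleMatch -ResultSize 100 |
    Select-Object CreationDate, UserIds, Operations
```

Run the DLP policy in TestWithNotifications mode for a while before enabling enforcement: the credit card detector relies on a Luhn checksum and nearby keywords, so numbers such as order IDs that happen to pass Luhn will produce false positives, and a blocking rule turned on cold will stop legitimate mail. Keep the Search-UnifiedAuditLog output (or a scheduled export of it) as the evidence an assessor will ask for.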