Compliance

PCI-DSS

Is Fanatical Support for AWS PCI-DSS compliant?

Rackspace is a certified Level 1 Payment Card Industry (PCI) Service Provider on Fanatical Support for AWS.

What was the scope of the PCI-DSS assessment?

For Fanatical Support for AWS, the Rackspace Service Provider assessment scope is detailed in the Executive Summary document provided to all customers. This assessment includes tooling and infrastructure operated by Rackspace and excludes AWS infrastructure, which is covered under AWS's own Report on Compliance.

Fanatical Support for AWS and related systems and tooling are PCI-DSS compliant. Does that mean that my solution will be compliant as well?

Hosting a solution with Rackspace does not make a customer PCI-DSS compliant. Fanatical Support for AWS Solution Architects are happy to assist our customers in navigating our product portfolio to identify solutions which meet their regulatory needs.

Can Rackspace help my solution become PCI-DSS compliant?

Rackspace is not a Qualified Security Assessor (QSA) and therefore cannot give a qualified opinion on the PCI-DSS compliance status of a customer’s solution. In addition, due to many variations in our service delivery configurations we cannot offer PCI-DSS compliant solutions “out of the box.” However, Rackspace can provide services, products and an extensive partner network that will satisfy many of the necessary PCI-DSS requirements. For a detailed list of controls and how Rackspace can assist, please request the PCI Responsibility Matrix.

Can Rackspace provide proof of its PCI-DSS compliance?

Rackspace can provide the following PCI-DSS Compliance Package:

  • PCI Responsibility Matrix
  • PCI-DSS Report on Compliance Executive Summary
  • List of controls that belong to the Service Provider
  • The Rackspace Attestation of Compliance

Note: Rackspace cannot release the full PCI-DSS Report on Compliance as it contains proprietary and commercially sensitive details of Rackspace security processes.

How can I get the PCI-DSS Compliance Package?

Customers can access attestation of compliance forms in the Fanatical Support for AWS control panel: under the account drop-down in the upper right-hand corner, select “Documents and Forms”, and navigate to the “Rackspace Cloud Security Documents” section.

Does Fanatical Support for AWS service level matter for PCI-DSS?

Customers can leverage our PCI-compliant tooling and infrastructure. Note, however, that other service levels provide a greater number of value-added services, including design, service selection, monitoring, and more, that make achieving PCI-DSS compliance easier.

I have general questions about Rackspace Security beyond the scope of PCI-DSS - where can I get answers to those questions?

We have a Rackspace Information Security FAQ which includes additional information around security policy, internal organization, human resources, access controls, and more. Similar to the PCI-DSS Compliance Package, it can be requested from your Fanatical Support for AWS Technical Account Manager.

HIPAA

Can Fanatical Support for AWS support HIPAA workloads?

Yes, Rackspace can act as a business associate to support customers with HIPAA workloads at AWS.

Why is it important to have a Managed Service Provider (MSP) who can manage workloads on top of AWS if AWS already provides HIPAA-eligible services?

Any business that needs to store, process, or transmit HIPAA data must ensure that the Managed Service Provider it chooses on top of AWS has practices in place to allow it to comply with HIPAA, as well as a signed BAA (Business Associate Agreement).

Does Fanatical Support for AWS service level matter for HIPAA?

We provide management for customers running HIPAA workloads at AWS. However, with other service levels, customers can take advantage of value-added services like best-practice architecture, service selection, patching, monitoring, and ongoing operations that may make achieving HIPAA compliance easier.

Do I need to maintain a Business Associate Agreement (BAA) with both Rackspace and AWS?

For the AWS accounts that Rackspace supports, you only need to sign a BAA with Rackspace.

How can I get a copy of the Fanatical Support for AWS BAA?

Please get in touch with your Fanatical Support for AWS Technical Account Manager (TAM) or Rackspace Sales Representative, who can get you a copy of the Fanatical Support for AWS BAA.