PCI DSS Compliant

sherwin · July 31, 2019, 12:28am

Hi,

I would like to ask if the Let’s Encrypt is PCI DSS Compliant? hoping you could give a link or proof that the Let’s Encrypt is compliant to PCI DSS.

Thank you so much

schoen · July 31, 2019, 12:33am

Hi @sherwin,

I would suggest reviewing the prior threads at

https://community.letsencrypt.org/search?q=pci-dss

If you have an auditor or a merchant bank verifying your compliance, you could also direct your question to them.

Let’s Encrypt is currently used by many online commerce sites and so it appears that people have found solutions to confirm compliance.

schoen · July 31, 2019, 12:34am

See also

I don’t believe there is a PCI-DSS audit for certificate authorities, only the WebTrust audit. Let’s Encrypt has passed this audit.

Buffalo · July 31, 2019, 2:00am

The certificate is only part of the PCI-DSS requirement process, and there are quite a few configuration issues (such as adjustment of cipher suites, etc) for servers besides the necessity for a certificate. You might check out

https://www.immuniweb.com/

for a starting point. If you run that test on my site

https://www.w5gfe.org/

you can see that LE certificates can certainly provide PCI-DSS (and HIPAA, and NIST) compliant sites.

system · August 30, 2019, 2:00am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Confirmation about PCI Compliance Issuance Policy	13	10576	May 23, 2016
Requesting compliance report - SSL Help	2	1413	November 8, 2019
Let's Encrypt for e-commerce sites? Help	11	5876	January 13, 2021
Credit Card Information and Social Security Number Help	6	4761	August 28, 2016
Namecheap Response to Let's Encrypt Issuance Tech	21	35858	March 4, 2018

PCI DSS Compliant

Related topics