PCI DSS Compliant

Hi,

I would like to ask if Let’s Encrypt is PCI DSS compliant. I am hoping you could give a link or proof that Let’s Encrypt is compliant with PCI DSS.

Thank you so much

Hi @sherwin,

I would suggest reviewing the prior threads at

https://community.letsencrypt.org/search?q=pci-dss

If you have an auditor or a merchant bank verifying your compliance, you could also direct your question to them.

Let’s Encrypt is currently used by many online commerce sites and so it appears that people have found solutions to confirm compliance.

2 Likes

I don’t believe there is a PCI-DSS audit for certificate authorities, only the WebTrust audit. Let’s Encrypt has passed this audit. :slight_smile:

3 Likes

The certificate is only part of the PCI-DSS requirement process, and there are quite a few configuration issues (such as adjustment of cipher suites, etc.) for servers besides the necessity for a certificate. You might check out

https://www.immuniweb.com/

for a starting point. If you run that test on my site

https://www.w5gfe.org/

you can see that LE certificates can certainly provide PCI-DSS (and HIPAA, and NIST) compliant sites.

2 Likes
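To illustrate the point above about server configuration mattering as much as the certificate, here is an added nginx example (not from this thread or from Let’s Encrypt). It shows a weak TLS setting next to a hardened one; the domain, the certificate paths (the default certbot layout is assumed) and the cipher list are placeholders chosen for illustration, and the scanner you use for compliance is the final word on what it accepts.

```nginx
# Weak configuration (constructed for contrast): a valid Let's Encrypt
# certificate is installed, but SSLv3 and TLS 1.0/1.1 are still enabled,
# which PCI DSS scans flag regardless of who issued the certificate.
server {
    listen 443 ssl;
    server_name example.com;                                   # placeholder
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;  # assumed certbot path
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    # assumed certbot path
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL;
}

# Hardened configuration: same certificate, but only TLS 1.2 and 1.3 with
# forward-secret AEAD cipher suites; nothing about the certificate changed.
server {
    listen 443 ssl;
    server_name example.com;                                   # placeholder
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;  # assumed certbot path
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;    # assumed certbot path
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers off;
}
```

After changing the protocol or cipher settings, re-run the external scan mentioned above; a scanner that fails the first block and passes the second confirms that the failure was in the server configuration, not in the certificate.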

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.