3

We're setting up a card processing service on Amazon AWS, and were wondering whether the AWS Time Sync service could be incorporated without running afoul of the PCI time sync requirements?

Specifically, the requirements talk about all hosts, services, etc. synchronizing to a service hosted internal to the network, and that the internal NTP service is the only thing allowed to talk to external time sources.

I don't see the Time Sync Service listed on Amazon's list of "in-scope services" nor have I found anything on AWS re. Time Sync and PCI.

zanerock

1 Answer

2

YES, it can. See here - https://docs.aws.amazon.com/whitepapers/latest/pci-dss-3-2-1-on-aws/guide-for-pci-dss-compliance-on-aws.html#requirement-10

It's also listed in their responsibility matrix as "shared" (meaning, they provide the PCI compliant "central" time servers and it's up to you to make sure you configure your instances to use it correctly) - "Customers can use Amazon Time Sync Service to deliver satellite-connected and atomic reference clocks in all AWS regions in Coordinated Universal Time (UTC) for instances."

schroeder
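One way to check the customer side of that shared responsibility is to audit each instance's time client configuration. This is an added example, not code from the answer or from AWS; it assumes the instances run chrony and that the Amazon Time Sync Service is reached at its link-local IPv4 address 169.254.169.123 (taken from AWS documentation, not from this page), and the function names and sample configs are constructed for illustration.

```python
# Audit chrony.conf text: every configured time source must be an approved endpoint.

# Assumption: Amazon Time Sync Service link-local IPv4 endpoint (AWS docs).
TIME_SYNC_ENDPOINTS = frozenset({"169.254.169.123"})
SOURCE_DIRECTIVES = {"server", "pool", "peer"}


def audit_chrony_conf(text, allowed=TIME_SYNC_ENDPOINTS):
    """Return (approved, unapproved) lists of (line_no, directive, address)."""
    approved, unapproved = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # chrony treats lines starting with !, ;, # or % as comments
        if not line or line[0] in "!;#%":
            continue
        fields = line.split()
        directive = fields[0].lower()
        if directive not in SOURCE_DIRECTIVES or len(fields) < 2:
            continue
        entry = (lineno, directive, fields[1])
        (approved if fields[1] in allowed else unapproved).append(entry)
    return approved, unapproved


def only_approved_sources(text, allowed=TIME_SYNC_ENDPOINTS):
    """True only if at least one approved source is set and no other source is."""
    approved, unapproved = audit_chrony_conf(text, allowed)
    return bool(approved) and not unapproved


# Constructed sample configs (not taken from a real host).
GOOD_CONF = """\
# Amazon Time Sync Service only
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
driftfile /var/lib/chrony/drift
makestep 1.0 3
"""

DRIFTED_CONF = """\
server 169.254.169.123 prefer iburst
# constructed hostname: an external pool left over from the base image
pool 2.pool.ntp.example iburst
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("drifted", DRIFTED_CONF)):
        _, unapproved = audit_chrony_conf(conf)
        status = "ok" if only_approved_sources(conf) else "FAIL"
        print(f"{name}: {status} unapproved={unapproved}")
```

The check reads a single file only; it does not follow chrony's `include`, `confdir` or `sourcedir` directives, so any files those pull in need the same check.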