La conformidad con el PCI DSS para APM y Log Management sólo está disponible para las organizaciones de Datadog en el sitio US1.

El cumplimiento con el PCI DSS para APM y Log Management sólo está disponible para organizaciones de Datadog en el sitio US1.

Información general

El Estándar de Seguridad de Datos de la Industria de Tarjetas de Pago (PCI DSS) impone rigurosos requisitos de seguridad de datos y monitorización a todos los comerciantes, proveedores de servicios e instituciones financieras. Para cumplir estos requisitos, las organizaciones han tenido que separar en diferentes aplicaciones los datos regulados por el PCI, de los no regulados, para su monitorización.

Datadog ofrece Log Management and Application Performance Monitoring (APM) conformes con el PCI, en el sitio US1, para que puedas recopilar en un único lugar todos tus logs, estén o no regulados por el PCI. Consulta Configurar una organización de Datadog que cumpla el PCI para saber cómo empezar.

Establecer una organización de Datadog que cumpla el estándar PCI

Audit Trail debe estar activado y permanecer activado para cumplir el estándar PCI DSS.

Para crear una organización de Datadog que cumpla el estándar PCI, sigue estos pasos:

To set up PCI-compliant Log Management, you must meet the following requirements:

  • Audit Trail must be enabled and remain enabled for PCI DSS compliance. If you haven’t already enabled Audit Trail, it is automatically enabled once the org is configured as PCI-compliant (after following the steps below).
  • Your Datadog organization is in the US1 site.
  • All logs sent to the PCI endpoints using HTTPS only. If you are using the Agent to send logs, you should enforce HTTPS transport.
  • All your logs endpoints need to be changed to the PCI endpoints for logs.
  • You may request access to the PCI Attestation of Compliance and Customer Responsibility Matrix on Datadog’s Trust Center - note that these documents are only applicable once you have finished all the onboarding steps and have been manually configured to be compliant by Datadog support.

To begin onboarding:

  1. Contact Datadog support or your Customer Success Manager to request to being the PCI onboarding process while ensuring the necessary PCI requirements are met.
  2. After Datadog support or Customer Success confirms that the org is ready to onboard, configure the respective configuration file to send all your logs to the dedicated PCI compliant endpoint(s):
  • agent-http-intake-pci.logs.datadoghq.com:443 for Agent traffic
  • http-intake-pci.logs.datadoghq.com:443 for non-Agent traffic
  • pci.browser-intake-datadoghq.com:443 for browser logs
  1. For example, add the following lines to the Agent configuration file:
logs_config:
  logs_dd_url: <agent-http-intake-pci.logs.datadoghq.com:443>
  1. All logs that are sent to the PCI compliant endpoint(s) automatically have a set of Sensitive Data Scanner PCI rules that are applied to scrub any cardholder data. These dedicated PCI rules must be enabled for PCI DSS compliance and are included with no additional charge.

To finish onboarding and be moved to compliant:

  1. Inform your Datadog support or your Customer Success Manager that you have moved over all your endpoints to the PCI compliant endpoint(s).
  2. Once confirmed by Datadog, your Logs and Log Management is considered to be PCI-compliant.

If you have any questions about how your now PCI-compliant Log Management satisfies the applicable requirements under PCI DSS, contact your account manager. See information on setting up PCI-compliant Application Performance Monitoring.

Audit Trail debe estar activado y permanecer activado para cumplir el estándar PCI DSS.

Para crear una organización de Datadog que cumpla el estándar PCI, sigue estos pasos:

To set up PCI compliant Application Performance Monitoring, you must meet the following requirements:

  • Audit Trail must be enabled and remain enabled for PCI DSS compliance. If you haven’t already enabled Audit Trail, it is automatically enabled once the org is configured as PCI-compliant (after following the steps below).
  • Your Datadog organization is in the US1 site.
  • All spans sent to the PCI endpoints using HTTPS only. If you are using the Agent to send spans, you should enforce HTTPS transport.
  • All your spans endpoints need to be changed to the PCI endpoints for spans.
  • You may request access to the PCI Attestation of Compliance and Customer Responsibility Matrix on Datadog’s Trust Center - note that these documents are only applicable once you have finished all the onboarding steps and have been manually configured to be compliant by Datadog support.

To begin onboarding:

  1. Contact Datadog support or your Customer Success Manager to request to being the PCI onboarding process while ensuring the necessary PCI requirements are met.
  2. After Datadog support or Customer Success confirms that the org is PCI DSS compliant, configure the respective configuration file to send spans to the dedicated PCI compliant endpoint:
  • https://trace-pci.agent.datadoghq.com for Agent and non-Agent traffic
  1. For example, add the following lines to the Agent configuration file:
apm_config:
  apm_dd_url: <https://trace-pci.agent.datadoghq.com>
  1. All spans that are sent to the PCI compliant endpoint(s) automatically have a set of Sensitive Data Scanner PCI rules that are applied to scrub any cardholder data. These dedicated PCI rules must be enalbed for PCI DSS compliance and are included with no additional charge.

To finish onboarding and be moved to compliant:

  1. Inform your Datadog support or your Customer Success Manager that you have moved over all your endpoints to the PCI compliant endpoint(s).
  2. Once confirmed by Datadog, your span configuration and Application Performance Monitoring is considered PCI-compliant.

If you have any questions about how your now PCI-compliant Application Performance Monitoring satisfies the applicable requirements under PCI DSS, contact your account manager. See information on setting up PCI-compliant Log Management.

Leer más

PREVIEWING: safchain/fix-custom-agent