Creating a Data Flow Diagram
How Does Data Flow Through Your AWS Environment?
The need for comprehensive data flow diagram is called out in PCI Requirement 1.1.3, which requires that organizations have a “current diagram that shows all cardholder data flows across systems and networks.” Creating a data flow diagram specifically for your AWS environment is a critical step for PCI compliance and it will be used from the start, during scoping. Without a documented data flow diagram, you cannot accurately define the scope or functions of your cardholder data environment.
An effective data flow diagram should be sequenced, should follow the data lifecycle, and should ultimately address where your cardholder data is, who interacts with it, and if it’s subject to PCI DSS requirements. Once your data flow diagram is created, you should understand the entire flow of cardholder data through your AWS environment.
Transcription
For PCI compliance in your AWS environment, one of the critical steps that you have to take is documenting a data flow diagram. It’s a PCI requirement, but really from a practical sense, you have to understand the flow of data through your environment in order to understand how you should be protecting it. Your diagram needs to represent exactly what’s happening from your client’s system. When they’re initiating a transaction with the application that’s hosted in AWS, the traffic passes through your web application firewall and through your API endpoint into the VPC and the instances that are contained within. There’s traffic that happens from the web services to the backend database. You want to document this flow exactly where the traffic goes, and you want to illustrate the protocols that are utilized and the security mechanisms that are used to encrypt data at certain points throughout the transaction. If you need an example of a good data flow diagram, AWS has published materials that are very helpful for considering how to comply with PCI in your environment. Check the description down below for a link to a good example. If you need help putting your diagram together, please reach out to us here at KirkpatrickPrice.
Transcription
For PCI compliance in your AWS environment, one of the critical steps that you have to take is documenting a data flow diagram. It’s a PCI requirement, but really from a practical sense, you have to understand the flow of data through your environment in order to understand how you should be protecting it. Your diagram needs to represent exactly what’s happening from your client’s system. When they’re initiating a transaction with the application that’s hosted in AWS, the traffic passes through your web application firewall and through your API endpoint into the VPC and the instances that are contained within. There’s traffic that happens from the web services to the backend database. You want to document this flow exactly where the traffic goes, and you want to illustrate the protocols that are utilized and the security mechanisms that are used to encrypt data at certain points throughout the transaction. If you need an example of a good data flow diagram, AWS has published materials that are very helpful for considering how to comply with PCI in your environment. Check the description down below for a link to a good example. If you need help putting your diagram together, please reach out to us here at KirkpatrickPrice.