CenturyLink achieves PCI compliance for your data through strict adherence to required guidelines, policies and procedures, including multiple firewalls as well as encryption and key management.
PCI is the security certification that applies to any organizations & merchants that accepts, transmits or stores any credit cardholder data. If any customer of an organization ever pays the merchant directly using a credit or debit card, then the PCI DSS requirements apply.
CenturyLink has PCI DSS compliant solutions and is a listed service provider on the VISA PCI Compliance Directory. We've obtained the following passing Reports On Compliance (ROC):
Data Center Services
Physical and administrative security controls in the majority of CenturyLink branded data centers
Managed Firewalls and NIDS Services
Cisco ASA and Check Point firewalls and Network Intrusion Detection Systems (NIDS)
In addition to delivering PCI compliant solutions, CenturyLink developed a detailed matrix of PCI controls for organizations with broader PCI requirements, customizable for each solution specifying the responsible party for each PCI control. In addition, it is appended to a PCI Addendum which defines CenturyLink's commitment with respect to the matrix.
Dedicated managed firewall service with intrusion detection & prevention
Dedicated managed web application firewall
Vormetric encryption and key management
Managed VPN with two-factor authentication
Managed threat management security scanning and penetration testing
Managed intrusion detection & prevention (IDS/IPS)
The CenturyLink Products and Services illustrated in this document are guidelines for implementing a PCI compliant solution using Dedicated Cloud. Attaining overall PCI compliance remains the responsibility of the Customer.