PCI compliance


James Hunter

Feb 5, 2018, 5:10:26 PM
to Google App Engine
We are trying to get our Google App Engine application through PCI compliance. The PCI certifier has 2 questions about use of load balancers that I'm not able to answer. Could anyone help me with this?

1. Is the infrastructure behind the load balancer synchronized?
2. Can we confirm passing internal scans of the infrastructure housing the website(s)?

I'm sure Google does internal scans of their infrastructure, but does anyone know where there's documentation that I can use for PCI compliance justification? Also, does anyone know what synchronized means in terms of load balancers, and is the Google App Engine infrastructure synchronized?

Jordan (Cloud Platform Support)

Feb 5, 2018, 10:17:42 PM
to Google App Engine
All information about Google Cloud's PCI compliance can be found within the Security and Compliance documentation. Note that Google Cloud products and services are PCI compliant (e.g., App Engine), but your own use of these services should also be compliant as per the Customer Responsibility slides and the Creating a PCI Compliant Environment documentation.

- It is therefore recommended to refer your certifier to the above documentation, and to work with them in clarifying your question on how to make your own environment compliant.


Shaharia Azam

Feb 6, 2018, 4:27:36 PM
to Google App Engine
James,
From my experience, if you are answering some ready-made questionnaire from your PCI compliance certification body, I know that's a little bit confusing.

But I would suggest you reach out to that certification body's support executive and tell them about your app, because most of the PCI compliance vendors are very much familiar with those two resources Jordan just shared with you and they will make things easier for you to get passed.

Thanks,
Shaharia