Is MapR a PCI-compliant product?
As Product Manager for MapR Security & Data Governance, I am often asked this question. See my response below.
Our customers have undergone certifications, including PCI, and passed with MapR in scope.
Regulations/certifications such as PCI, HIPAA, and FISMA/FedRAMP typically apply to environments - not products. The certifications basically say the organization is abiding by a prescribed set of controls to protect certain data, such as Protected Health Information (PHI) in the case of HIPAA or Personal Account Numbers (PANs) in the case of PCI.
Tools or platforms like MapR can be used to house and transmit this data, and would then be considered "in-scope" for the certification. In this case, organizations must prove to auditors that the data is sufficiently protected. MapR has customers that have done this, and many more are in the process of complying with specific regulations with MapR in-scope.
We are always happy to work with customers to ensure your MapR deployment meets your specific certification requirements.
Retrieving data ...