For the financial services industry, PCI DSS compliance ensures the secure handling of cardholder data by organizations that process, store, or transmit credit card information. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder information and ensure a secure environment for handling credit card data. While it is primarily used to secure credit card data, adhering to PCI DSS standards improves the overall security of your applications. Over time, threats and technology evolve. To address this, the PCI Security Standards Council (SSC) released version 4.0 of the Data Security Standard (DSS). In March 2025, PCI DSS 4.0 went into full effect across the industry.

PCI DSS 4.0 compliance for a HeatWave MySQL database involves implementing the technical and operational controls that PCI DSS requires to secure cardholder data (CHD), applied to a deployment in OCI. The high-level guidance from the PCI Security Standards Council has six key goals, listed below together with the corresponding HeatWave MySQL and OCI controls.

  • Build and maintain a secure network and system
  • Protect cardholder data
    • HeatWave MySQL encrypts data at rest and in transit across networks and regions.
    • All our control and management plane communications are protected with TLS, which is necessary for the PCI DSS attestation. We also recommend using TLS (not SSL) and front-ending the application with our load balancers and endpoints, as required. We recommend using SSH, IPSec VPN, and FastConnect.
  • Maintain a vulnerability management program
    • Anti-virus software is maintained and managed at the OS level as part of the Oracle Cloud Infrastructure Native Web Application Firewall.
    • HeatWave MySQL, being a managed service in OCI, has a robust OS and database patch management policy to ensure security.
  • Implement strong access control measures
    • Supports single sign-on to HeatWave MySQL via OCI identity management, allowing integration with Active Directory/ADFS, Azure AD, LDAP, etc.
    • Secure HeatWave MySQL connections with your own SSL/TLS certificates using the Bring Your Own Certificates feature, replacing the default service certificate for enhanced security.
  • Regularly monitor and test networks
    • Integrated SIEM, detection, and response for enhanced security.
    • Vulnerability scanning happens across the OS, compute, and network layers as part of OCI.
    • Support for regulated-market compliance requirements.
  • Maintain an information security policy
    • While customers are responsible for their own security policies, both included and paid consulting services are available via Oracle Consulting.
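The "TLS (not SSL)" point above is something an auditor will want evidence for, not just a statement. The following is an added example written for this post, not Oracle code and not part of the HeatWave service: a small Python check that takes the values of the standard MySQL variables `require_secure_transport` and `tls_version` (from `SHOW GLOBAL VARIABLES`) and the session counters `Ssl_version` and `Ssl_cipher` (from `SHOW SESSION STATUS`) and reports whether plaintext is refused, whether SSLv3 or early TLS is still offered, and whether the current session is actually encrypted. The dictionaries of sample values are constructed for illustration; the accepted-protocol set is a policy choice made here.

```python
"""Audit a MySQL session's transport settings against the PCI DSS goal of
protecting cardholder data in transit: TLS 1.2+, never SSL or early TLS.

Added example, not Oracle/HeatWave code. Input values are assumed to have
been collected from a live session with:
    SHOW GLOBAL VARIABLES WHERE Variable_name IN
        ('require_secure_transport', 'tls_version');
    SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_version', 'Ssl_cipher');
"""

# Protocol versions accepted by this audit (policy choice for the example).
# SSLv3, TLS 1.0 and TLS 1.1 are deliberately excluded.
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}


def audit_transport(global_vars: dict, session_status: dict) -> list:
    """Return a list of human-readable findings; an empty list is a pass."""
    findings = []

    # 1. The server must refuse plaintext connections; otherwise a single
    #    misconfigured client can send cardholder data in the clear.
    if global_vars.get("require_secure_transport", "OFF").upper() != "ON":
        findings.append(
            "require_secure_transport is not ON: plaintext connections allowed")

    # 2. The protocol list the server advertises must not include
    #    SSL or early TLS, even if this session happened to negotiate TLS 1.3.
    offered = {v.strip() for v in global_vars.get("tls_version", "").split(",")
               if v.strip()}
    weak = offered - ACCEPTED_TLS
    if weak:
        findings.append(f"tls_version offers weak protocols: {sorted(weak)}")

    # 3. The current session must itself be encrypted with an accepted version.
    cipher = session_status.get("Ssl_cipher", "")
    version = session_status.get("Ssl_version", "")
    if not cipher:
        findings.append("Ssl_cipher is empty: this session is NOT encrypted")
    elif version not in ACCEPTED_TLS:
        findings.append(
            f"session negotiated {version or 'unknown'}, expected TLS 1.2 or 1.3")
    return findings


# Constructed sample values (not captured from a real server).
WEAK_VARS = {"require_secure_transport": "OFF",
             "tls_version": "TLSv1,TLSv1.1,TLSv1.2"}
WEAK_SESSION = {"Ssl_version": "", "Ssl_cipher": ""}

HARDENED_VARS = {"require_secure_transport": "ON",
                 "tls_version": "TLSv1.2,TLSv1.3"}
HARDENED_SESSION = {"Ssl_version": "TLSv1.3",
                    "Ssl_cipher": "TLS_AES_256_GCM_SHA384"}


if __name__ == "__main__":
    for label, gv, st in (("weak", WEAK_VARS, WEAK_SESSION),
                          ("hardened", HARDENED_VARS, HARDENED_SESSION)):
        result = audit_transport(gv, st)
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for line in result:
            print("  -", line)
```

The server-side check is only half of the control: the client must also insist on verification, for example by connecting with `--ssl-mode=VERIFY_IDENTITY` and `--ssl-ca` pointing at the CA that issued the certificate you supplied through Bring Your Own Certificates, so that a downgraded or impersonated endpoint is refused rather than silently accepted.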

Viewing and downloading Compliance Reports

HeatWave MySQL as part of the OCI stack complies with the remaining requirements for shared hosting providers and hence has the PCI DSS attestation of compliance.

To view the compliance report, in the OCI Console go to Identity & Security → Compliance.

Figure 1: OCI PCI DSS 4.0 Security Compliance report

Figure 2: OCI PCI DSS 4.0 Compliance report

Click the more options (kebab) menu to download the report.

Conclusion

HeatWave MySQL on OCI provides a comprehensive solution for achieving PCI DSS 4.0 compliance. By leveraging encryption, access controls, and continuous monitoring, organizations can securely manage cardholder data while meeting industry standards.

As always, thank you for using MySQL!

 

Resources:

Transparent Data Encryption

PCI DSS 4.0 Compliance and MySQL

HeatWave MySQL features

Security Concepts in OCI

Updated guidance to customer for PCI compliance on Oracle Cloud Infrastructure