Anitian, an Amazon Web Services, Inc. (AWS) Advanced Consulting Partner, Releases New Automation Technology for PCI Acceleration and Compliance Readiness

Anitian, an Oregon-based security intelligence firm, today announced the release of Sherlock Compliance Automation for PCI, or SCA-PCI. SCA-PCI is the first solution of its kind to automate the creation and management of high compliance environments in the AWS cloud specifically designed for alignment with the Payment Card Industry Data Security Standard (PCI DSS) across multiple AWS regions to include the AWS (US) GovCloud region.

In less than a few hours, Anitian customers can use SCA-PCI to build out an entire cloud environment that is pre-configured to meet a rigorous set of compliance and security requirements, as defined in the PCI DSS. The Sherlock environment not only includes all the necessary configurations for PCI, but also all the security controls and documentation. This technology dramatically reduces the time it takes to build a compliant environment, and it eliminates common human errors when configuring these complex environments.

“Sherlock Compliance Automation goes way beyond traditional reference architectures or templates,” said Andrew Plato, CEO of Anitian, “to provide companies with audit-ready environments for their applications and data.”

Anitian developed Sherlock Compliance Automation as a member of the AWS Security Automation and Orchestration (SAO) project. The AWS SAO methodology enables AWS customers to constrain, track and publish continuous risk treatments (CRT) configurations and assimilates DevOps routines (e.g., continuous integration [CI] and continuous delivery [CD]) into a “Type Accredited” secure AWS architecture that is configured to converge common security frameworks. Anitian’s PCI architecture is the first of its kind commercial product available for this type of automation.

Sherlock Compliance Automation runs on AWS. It automatically builds all the networks, user accounts, and access rights a customer needs, as well as the required security controls such as anti-virus, intrusion detection, and security log monitoring. These controls are configured to meet PCI DSS requirements.

To help maintain compliance, SCA-PCI also uses guardrails. Guardrails monitor the cloud environment for any changes that would compromise the security or compliance of the environment. For example, if a user attempts to configure an AWS Security Group for public access, Sherlock guardrails would automatically send alerts and prevent the change.

“Sherlock Compliance Automation PCI is the first of its kind: An entire product line of automated environments that will make security easy. In the coming months, we will be releasing versions for FedRAMP and ISO 27001 compliance,” said Plato.

Anitian will unveil Sherlock Compliance Automation PCI at booth 2713 at the 2018 AWS re:Invent conference in Las Vegas, which begins November 26, 2018.

Anitian is a security intelligence firm with over 20 years’ experience at making security easy. Anitian offers a comprehensive suite of security services and solutions, with a specialty in cloud security and automation. More information is available at and

Share This