Add PCI-DSS and update compliance pages

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx

@@ -163,5 +163,46 @@ The following services are not FedRAMP-authorized:
         [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export)
       </td>
     </tr>
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        AWS, Azure
+      </td>
+
+      <td>
+        New Relic AI
+      </td>
+    </tr>
   </tbody>
 </table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx

@@ -11,6 +11,9 @@ freshnessValidatedDate: never
 The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years and have annual touch point audits (surveillance audits). The scope of certification covers the Company’s locations in Portland, Oregon; San Francisco, California; Barcelona, Spain; and London, United Kingdom.
 
 ## Applicable document by service [#applicable-services]
+<Callout variant="caution">
+  Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope).
+</Callout>
 
 The following applies to the New Relic Observability Platform:
 
@@ -55,3 +58,68 @@ The following applies to the New Relic Observability Platform:
     </tr>
   </tbody>
 </table>
+
+## Services not in scope [#not-scope]
+
+The following services are not ISO 27001 authorized:
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>
+        Last updated
+      </th>
+
+      <th>
+        Infrastructure
+      </th>
+
+      <th>
+        Services
+      </th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        AWS, Azure
+      </td>
+
+      <td>
+        New Relic AI
+      </td>
+    </tr>
+  </tbody>
+</table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx

@@ -0,0 +1,77 @@
+---
+title: PCI DSS
+tags:
+  - Security
+  - Security and Privacy
+  - Compliance
+metaDescription: Criteria and compliance with PCI DSS audits by New Relic services.
+freshnessValidatedDate: 2024-07-25
+redirects:
+  - /docs/security/security-privacy/compliance/certificates-standards-regulations/PCI DSS-moderate
+---
+
+The Payment Card Industry Data Security Standard (“PCI DSS”), maintained by the Security Standards Council, is a set of security requirements to protect cardholder data environments (“CDEs”) where payment card data is stored, processed, or transmitted. PCI DSS provides a baseline of rigorous technical and operational requirements designed to protect CDEs.
+
+Assessed against the PCI DSS version 4.0, New Relic maintains a Report on Compliance (“ROC”) and Attestation of Compliance (“AOC”) as a [Level 1 Service Provider](https://www.pcisecuritystandards.org/glossary/service-provider/).
+
+New Relic removes some of your sensitive data in logs with automatic [log obfuscation](https://docs.newrelic.com/docs/logs/get-started/new-relics-log-management-security-privacy/#auto-obfuscation), which is enabled by default for all customers and helps you protect your data.
+
+## Applicable document by service [#applicable-services]
+
+<Callout variant="caution">
+  Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope).
+</Callout>
+
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>Document</th>
+      <th>Last updated</th>
+      <th>Infrastructure</th>
+      <th>Services</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Attestation of Compliance</td>
+      <td>2024-NOV-13</td>
+      <td>AWS, First Party</td>
+      <td>New Relic Observability Platform</td>
+    </tr>
+  </tbody>
+</table>
+
+## Services not in scope [#not-scope]
+
+<Callout variant="important">
+  If you require a copy of New Relic’s AOC or PCI Customer Responsibility Matrix, reach out to your New Relic account representative.
+</Callout>
+
+The following services are not PCI DSS authorized:
+
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>Last updated</th>
+      <th>Infrastructure</th>
+      <th>Services</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>N/A</td>
+      <td>GCP</td>
+      <td>Pixie: Community Cloud for Pixie</td>
+    </tr>
+    <tr>
+      <td>N/A</td>
+      <td>GCP</td>
+      <td>Pixie: Auto-telemetry with Pixie</td>
+    </tr>
+    <tr>
+      <td>N/A</td>
+      <td>AWS, Azure</td>
+      <td>New Relic AI</td>
+    </tr>
+  </tbody>
+</table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2.mdx

@@ -113,5 +113,47 @@ The following services are not SOC 2 certified:
         ML Ops
       </td>
     </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        AWS, Azure
+      </td>
+
+      <td>
+        New Relic AI
+      </td>
+    </tr>
   </tbody>
 </table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax.mdx

@@ -13,6 +13,9 @@ TISAX is a European automotive industry-standard information security assessment
 For a copy of New Relic’s shared assessment, you must be a member of the [ENX Association](https://portal.enx.com/en-US/). The scope of certification covers the Company’s locations in the US and the EU.
 
 ## Applicable document by service [#applicable-services]
+<Callout variant="caution">
+  Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope).
+</Callout>
 
 The following applies to the New Relic Observability Platform:
 
@@ -61,3 +64,68 @@ The following applies to the New Relic Observability Platform:
 <Callout variant="important">
   If you require access to New Relic's TISAX labels, you can view them within the [ENX Portal](https://portal.enx.com/en-US/SignIn?ReturnUrl=%2Fen-US%2Fmyenxportal%2Fpublished-shared-results%2F).
 </Callout>
+
+## Services not in scope [#not-scope]
+
+The following services are not TISAX certified:
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>
+        Last updated
+      </th>
+
+      <th>
+        Infrastructure
+      </th>
+
+      <th>
+        Services
+      </th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        AWS, Azure
+      </td>
+
+      <td>
+        New Relic AI
+      </td>
+    </tr>
+  </tbody>
+</table>

src/content/docs/security/security-privacy/compliance/hitrust.mdx

@@ -153,5 +153,47 @@ HITRUST doesn't provide certification for the following services:
         [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export)
       </td>
     </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        AWS, Azure
+      </td>
+
+      <td>
+        New Relic AI
+      </td>
+    </tr>
   </tbody>
 </table>

src/content/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services.mdx

@@ -13,7 +13,7 @@ freshnessValidatedDate: never
 
 This document describes New Relic's products and services as they relate to regulatory framework compliance status.
 
-**Updated on November 7, 2024.**
+**Updated on November 21, 2024.**
 
 ## Certifications, standards, and regulations [#cer-std-reg]
 
@@ -23,6 +23,7 @@ For detailed information, see the documentation on the specific certifications,
 * [HIPAA enabled capabilities](/docs/security/security-privacy/compliance/certificates-standards-regulations/hipaa/)
 * [HITRUST compliance](/docs/security/security-privacy/compliance/hitrust)
 * [ISO 27001](/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001/)
+* [PCI DSS](/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss/)
 * [SOC 2](/docs/security/security-privacy/compliance/certificates-standards-regulations/soc2/)
 * [TISAX](/docs/security/security-privacy/compliance/certificates-standards-regulations/tisax)