Security and AccessControl

There is no easy answer to this - like everything, the answer is 'maybe'.

It will depend on who your QSA is, how elasticsearch is configured, how you
are using it, and where it resides in your network. For example, if it is
located outside of your 'card holder environment', then your auditor will
be far more lenient about restrictions.

PCI DSS also allows for 'compensating controls' - so it's not always the
case that everything has to be followed to the letter. For example,
elasticsearch operates over unsecured, plain-text protocols - but you can
use firewalls to mitigate various risks, and you could build your own
secure service layer through which the elasticsearch API is accessed
indirectly.

So... there are no easy answers to this question, and I can only suggest
you consult your QSA. Sorry :slight_smile:

On Thursday, October 4, 2012 4:30:21 PM UTC+1, TheOutlander wrote:

  1. Is Elasticsearch PCI DSS compliant?

  2. What is the recommended strategy for access control? Is it fail-safe?

Thanks,
Nick