PCI Compliance


If we have an existing set of APIs running on Apigee Cloud and now want to apply the PCI Compliance Pack, do we need to modify or redeploy the existing APIs? Any best practices to follow while applying the PCI Compliance Pack will be very useful. What are the key considerations when we choose to apply the PCI Compliance Pack on our Apigee Cloud setup?

1 ACCEPTED SOLUTION

@Prettyp, great question. Welcome to the Apigee Community!

No, you don't need to modify or redeploy the existing APIs.

Regarding "What are the key considerations when we choose to apply the PCI Compliance Pack on our Apigee Cloud setup?":

For a customer to be PCI compliant on Apigee Edge Public Cloud, there are some actions and processes the customer owns under the 'Shared Responsibility Model.' You can find more about the same in our docs section here.

Hope it helps. Keep us posted moving forward if any.


2 REPLIES

You will have to review your designs to ensure no PCI data is being exposed. In particular, look for use of cache policies, since the L2 cache is persistent storage and is not disabled. That's documented in the link Anil shared.
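
One way to start the cache-policy review mentioned in the reply above, as an added example that is not part of the original thread or Apigee's own tooling: a script that inventories the cache policies in an exported proxy bundle so each one can be checked for cardholder data. It assumes the bundle is unpacked with policies under `apiproxy/policies/*.xml`; the sample policies and variable names are constructed for the demo.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Apigee Edge policy types that touch the cache; the first two write to it.
CACHE_WRITERS = {"PopulateCache", "ResponseCache"}
CACHE_POLICIES = CACHE_WRITERS | {"LookupCache", "InvalidateCache"}

def find_cache_policies(bundle_dir):
    """List every cache policy under <bundle_dir>/apiproxy/policies for review."""
    findings = []
    for path in sorted((Path(bundle_dir) / "apiproxy" / "policies").glob("*.xml")):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            # Surface unreadable files instead of skipping them silently.
            findings.append({"file": path.name, "type": "UNPARSEABLE"})
            continue
        if root.tag not in CACHE_POLICIES:
            continue
        findings.append({
            "file": path.name,
            "type": root.tag,
            "name": root.get("name", ""),
            "enabled": root.get("enabled", "true").lower() != "false",
            "writes_cache": root.tag in CACHE_WRITERS,
            # Flow variable whose value PopulateCache stores (empty for other types).
            "source": (root.findtext("Source") or "").strip(),
        })
    return findings

def build_sample_bundle(root_dir):
    """Write a small constructed proxy bundle (not a real proxy) for the demo."""
    policies = Path(root_dir) / "apiproxy" / "policies"
    policies.mkdir(parents=True)
    (policies / "Cache-Card-Token.xml").write_text(
        '<PopulateCache name="Cache-Card-Token" enabled="true">'
        "<CacheResource>tokens</CacheResource>"
        "<Source>request.formparam.card_number</Source></PopulateCache>")
    (policies / "Lookup-Rate.xml").write_text(
        '<LookupCache name="Lookup-Rate"><AssignTo>rate</AssignTo></LookupCache>')
    (policies / "Verify-Key.xml").write_text(
        '<VerifyAPIKey name="Verify-Key"><APIKey ref="request.queryparam.apikey"/></VerifyAPIKey>')
    (policies / "Broken.xml").write_text("<ResponseCache name=")
    return root_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_cache_policies(build_sample_bundle(tmp)):
            print(finding)
```

The output is only an inventory: each policy with `writes_cache` set still needs a manual check of what its cache key and stored value contain.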