For on premises Apigee instance, what is needed for PCI compliance?


What is needed to secure a private cloud instance of Apigee for PCI compliance?

1 ACCEPTED SOLUTION

PCI compliance requirements cover infrastructure, configuration, policy, and operations. The specific configuration settings for Apigee Edge in an On Premises deployment can be found in the 'PCI Configuration Guide for Edge Public Cloud.' These configuration guidelines were developed for cloud but are equally applicable to an On Premises deployment.

In addition to these guidelines, you should also consider your use of Apigee and how you authenticate to it (do you rely on the Edge authentication process or are you using a local directory), your data flow through the product (do you post Card Holder Data (CHD) to areas of the product not allowed in the public Cloud like analytics), and the physical and logical security of your systems running Edge.

While PCI requirements are fairly prescriptive, your implementation of tools, processes, and standards to meet those requirements is unique to your organization. Beyond the Configuration guide available at docs.apigee.com, and the security FAQs at docs.apigee, your compliance and security teams are the best resources to identify all applicable controls.
