PCI Compliance on Business but not Pro
Does anybody know why CloudFlare advertise Business as PCI DSS 3.2 compliant but Pro not?
From what I can work out, the WAF and a sensible set of PCI compliant ciphers can be enabled for both plans but on https://www.cloudflare.com/en-gb/plans/ the tickbox is unchecked for Pro.
Cloudflare
Our Plans | Pricing | Cloudflare
Discover which Cloudflare plan is correct for your requirements. Find out more about Cloudflare plan pricing and sign up for Cloudflare here!
2 Replies
This seems to be a bit muddied by the launch of Advanced Certificate Manager which is a paid addon at any plan level.
I’ve now had a response from the sales team claiming that CloudFlare will be unable to be compliant with PCI 4.0 unless you are on Enterprise!
Surely this can’t be right.
Hi @SoCalledDom. A bit of a cold topic, but hey, maybe you've solved it. 🙂
We are forced off Netlify, since BrainTree requires a PCI scan, and they only allow it in their enterprise plan. CloudFlare Pages came up, but seeing this they might also not be a good choice. have you heard anything else from them, or had any luck with a different vendor?