Cloudflare Developers
Created by h***e sauvage on 1/19/2024 in #workers-help
PCI Compliance with Workers - External Scanning
I am trying to transfer cardholder data to CF Workers that process payments through a PCI Compliant gateway given by an acquiring bank. They require me to be PCI Compliant. No data is stored other than the cardholder name on MongoDB Atlas (Also PCI Compliant).
Going through PCI SAQ D, I noticed that an external network scan by an "Authorized Scanning Vendor" is necessary for compliance. What do I do in this case? Do I literally just pay to have CF's anycast IP scanned? (Sounds like a waste of money, as CF has already done it.) Cloudflare's PCI Responsibility Matrix says scanning is to be done by the customer as well.
I don't have any servers; the "CDE" is CF Workers & MongoDB Atlas.
P.S. I know this may not entirely be a developer question, but it's something I haven't been able to get answered for weeks.