PCI Compliance with Workers - External Scanning
I am trying to transfer cardholder data to CF Workers that process payments through a PCI Compliant gateway given by an acquiring bank. They require me to be PCI Compliant. No data is stored other than the cardholder name on MongoDB Atlas (Also PCI Compliant).
Going through PCI SAQ D, I noticed that an external network scan by an "Authorized Scanning Vendor" is necessary for compliance. What do I do in this case? Do I literally just pay to have CF's anycast ip scanned? (Sounds like a waste of money as CF has already done it) Cloudflare's PCI Responsibility Matrix says scanning is to be done by the customer as well.
I don't have any servers; the "CDE" is CF Workers & MongoDB Atlas.
P.S. I know this may not entirely be a developer question, but it's something I can't get answered for weeks.
Going through PCI SAQ D, I noticed that an external network scan by an "Authorized Scanning Vendor" is necessary for compliance. What do I do in this case? Do I literally just pay to have CF's anycast ip scanned? (Sounds like a waste of money as CF has already done it) Cloudflare's PCI Responsibility Matrix says scanning is to be done by the customer as well.
I don't have any servers; the "CDE" is CF Workers & MongoDB Atlas.
P.S. I know this may not entirely be a developer question, but it's something I can't get answered for weeks.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Similar Threads
Was this page helpful?
