The Security Checklist
Security is critical
Inadequate security can prevent your application from being deployed.
- Most clients require approval from an IT security team that reviews the application's security before the project team is allowed to move the application to production.
- Deployment Manager blocks applications from being deployed in production if the Security Checklist is not completed.
Security goals
Pega takes application and system security seriously. Security is a shared responsibility between Pega and our clients. This common goal protects the AIC triad of your application: availability, integrity, and confidentiality.
Unauthorized individuals cannot access or modify the application or the data it creates and stores. Authorized individuals, in turn, only have access to those application functions and data that are necessary to perform their jobs.
Security Checklist
The Security Checklist is a key feature of Pega Platform that assists clients in hardening their applications and systems. To assist in tracking the completion of the tasks in the checklist, Pega Platform automatically installs an application guideline rule instance that includes the tasks in the Security Checklist for each version of your application. For more information, see Assessing your application using the Security Checklist.
Guardrail compliance
The most important security requirement for any Pega Platform application is to maintain guardrail compliance. Pega Platform security features are not always successfully enforced when an application uses custom code.
To protect your application, use the built-in security configuration features in Pega Platform. Do not rely on custom code built by developers who are not security experts.
Security Checklist tasks
The Security Checklist tasks are organized by when each task is performed and by the key security area involved. Key areas include monitoring, authentication, authorization, auditing, and production testing. As you review the Security Checklist core tasks, it is important to understand the nature of the application, which Pega Platform features are used, and how and to whom the application will be deployed.
Not all security tasks are required for all applications or releases. The tasks you use depend on many factors, including the Pega Platform features your application uses, how much you customize a Pega application, and the amount of sensitive data created and stored within the application.
Security is one of several special considerations for public-facing applications. For more information, see Basic requirements for deploying public-facing applications.