Skip to main content

The Security Checklist

Inadequate security can prevent your application from being deployed.

  • Most clients require approval from an IT security team who reviews the application security before the project team is allowed to move the application to production.
  • Deployment Manager blocks applications from being deployed in production if the Security Checklist is not completed. 

Stop at each point along the following video to learn more about the four critical security areas:

Security goals

Pega takes application and system security seriously. Security is a shared responsibility between Pega and our clients. This common goal ensures the AIC Triad – availability, integrity, and confidentiality of your application.

Unauthorized individuals cannot access or modify the application or the data it creates and stores. Authorized individuals, in turn, only have access to those application functions and data that are necessary to perform their jobs.

In the following image, click the + icons to learn more about each security goal:

Check your knowledge with the following interaction:

Security Checklist

The Security Checklist is a key feature of Pega Platform that assists clients in hardening their applications and systems. To assist in tracking the completion of the tasks in the checklist, Pega Platform automatically installs an application guideline Rule instance that includes the tasks in the Security Checklist for each version of your application. For more information, see Assessing your application using the Security Checklist.

In the following image, click the + icons to learn more about how the Security Checklist helps you secure your application:

Guardrail compliance

The most important security requirement for any Pega Platform application is to maintain guardrail compliance. Pega Platform security features are not always successfully enforced when using custom code.

To protect your application, use the built-in security configuration features in Pega Platform. Do not rely on custom code built by developers who are not security experts.

Security Checklist tasks

The Security Checklist tasks are organized by when each task is performed, and the key security area involved. Key areas include monitoring, authentication, authorization, auditing, and production testing. As you review the Security Checklist core tasks, it is important to understand the nature of the application, what Pega Platform features are used, how and to whom the application will be deployed.

Not all security tasks are required for all applications or releases. The tasks you use depend on many factors including the Pega Platform features your application uses, how much you customize a Pega application, and the amount of sensitive data created and stored within the application, to name a few.

Note: Some steps for securing the deployment environment are performed automatically for Pega Cloud clients as part of their Service Agreement and may be skipped.

Security is one of several special considerations for public-facing applications. For more information, see Basic requirements for deploying public-facing applications.

Check your knowledge with the following interaction:


This Topic is available in the following Module:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice