Knowledge Base - Featured Articles

Browse all

When attempting to determine your skill at programming, it can be difficult to identify which specific issue to identify with. Keep in mind that these lessons are simply an attempt to introduce you to D8 module building. Lesson 1 attempts to teach to the middle, so module creation beginners should refer to the hints and notes for help. Advanced readers should view the hints and notes as optional and focus more on the extra credit. It is perfectly reasonable to gloss over the reading and to attempt to follow the lab goals and actions immediately and use the readings above it solely for reference.

Payment Card Industry Data Security Standard, or PCI-DSS, is an information security standard that is designed to protect credit card data from being exposed and used fraudulently. This article will answer some frequently asked questions about Acquia's compliance with this security standard.

Is Acquia’s hosting PCI-DSS compliant?

Acquia has a PCI-DSS compliant hosting environment as part of Acquia Cloud Enterprise. A Qualified Security Assessor (QSA) company performs an annual audit to verify that the Acquia platform is compliant with PCI-DSS. The Attestation of Compliance (AOC) and Report on Compliance (ROC) documents validating Acquia PCI-DSS compliance can be provided to prospective or current customers upon request.

Is Acquia immune to the BEAST browser exploit?

Acquia Cloud no longer supports RC4-based SSL cypher suites because of their known security vulnerabilities. This means that Acquia Cloud no longer includes server-side mitigation of the potential BEAST security vulnerability. However, we believe that existing client-side mitigation of BEAST is sufficient, and that the security vulnerability from RC4-based SSL cypher suites is a much more significant threat. For more information, we recommend reading Qualys Security Labs' discussion, Is BEAST Still a Threat?

In an ongoing effort to improve security, an upcoming release of the Acquia Cloud platform will prevent the use of an older syntax that can be used to access Acquia Cloud instances using secure shell (SSH).

Acquia recommends that all customers review their existing scripts and development processes to ensure that the standard syntax documented described both in this article and in the Using SSH/Shell access documentation page are being consistently utilized.