PCI DSS AoC

Hi,

I requested the Cloudflare’s PCI DSS AoC which I require for the annual PCI DSS audit; ticket 1841346. My previous similar request back in 2018 was processed smoothly without complications. This time I was requested to sign NDA, which I objected, and now for two days Cloudflare Support simply does not respond to my messages. Great experience, no kidding.

Now, if PCI DSS is confidential - NDA prevents me from sharing it with our QSA who’s doing the audit. If it’s not confidential (and it’s the case with 100% of our other providers!) - why on earth I’m asked to sign NDA???

I’m disappointed; Cloudflare should do better than that. People at support should apply some intelligence.

Please report your issues with the process via the ticket, the community isn’t the place to report on legal policies.