Sitecore engaged Coalfire Systems Inc., a leading payment card industry Qualified Security Assessor company, which has completed an independent technical assessment of Sitecore Experience Commerce™ (XC) and published a Product Applicability Guide (PAG).

The Payment Card Industry Data Security Standards (PCI DSS) are technical and operational requirements for organizations that accept or process payment transactions. They also apply to software developers and manufacturers of applications and devices used in those transactions.

Sitecore’s PAG explains the alignment of Sitecore XC to PCI DSS v3.2 technical requirements. Merchants that use Sitecore XC will be required to comply with PCI DSS requirements included in SAQ A. Sitecore’s PAG also notes that Sitecore is in compliance with SAQ A requirements in order to provide Sitecore XC as part of its managed cloud services.

Download a copy of Coalfire’s PCI technical assessment of Sitecore Experience Commerce.


Harish Siripurapu is the Director of Global Security at Sitecore