Security for data actions

Raghava_PVDS · May 19, 2020, 12:08pm

HI Team
I am using Secure Data Action but how can i know that my data travelling on TSL 1.1/1.2/1.3

Also if I Enable option like PCIDSS/HIPAA from Org settings how it will effect my secure date action for payment cards.

Raghava

Jason_Mathison · May 19, 2020, 12:15pm

Data Actions will only communicate with an endpoint via TLS 1.2 or 1.3. If an endpoint attempts to establish the connection with an older transport like TLS 1.1 or SSL, the connection will be refused by the Data Action Service.

Enabling PCIDSS/HIPAA doesn't have any impact on how Secure Data actions behave.

--Jason

Raghava_PVDS · May 19, 2020, 2:03pm

Hi Jason,

Thanks for your prompt response.

so what is the user of Enabling PCIDSS/HIPAA or where we will use those.

Richard.Schott · May 19, 2020, 2:15pm

Enabling PCI/HIPAA will have no effect on data actions whatsoever. Those organizational toggles specifically affect the features named here: https://help.mypurecloud.com/articles/pci-dss-compliance/ and https://help.mypurecloud.com/articles/hipaa-compliance-2/

In order to remain in compliance with these regulatory schemes, you must leverage data actions that are marked as "secure" (this is an option when the data action is initially created) within a secure IVR call flow when handling data that is covered under the regulatory scheme. Note that setting an action as "secure" does not change the behavior of the data action itself, as data actions are "secure by default" (meaning they do not log request or response payloads, do not store any data at rest, and transmit data using either TLS 1.2 or 1.3, depending on the certificate of the remote endpoint they connect to); rather, designating a data action as "secure" makes it available for handling secure variables from within a secure IVR call flow for transmission to an external web service, and prevents that action's usage within a standard IVR flow or Agent script. This allows an administrator to ensure that the communication with the relevant external resource is only happening from within a compliant workflow.

Raghava_PVDS · June 8, 2020, 2:34pm

H Richids,

Sorry for the delay.
Thanks for your support.

system · July 9, 2020, 2:34pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.