Integrated Application Security Checklist helps you deploy a secure application
Valid from Pega Version 7.3.1
Pega® Platform now provides an Application Security Checklist that you can refer to when you prepare your application for deployment. By completing the recommended tasks in this checklist, you can track your progress, access instructional information for tasks, and verify that your configurations are secure.
For more information, see Preparing your application for secure deployment, Compliance Score tab, Designer Studio — Home page.
Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys
Valid from Pega Version 7.3.1
You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.
For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.
REST services support password credentials and JWT Bearer grant types
Valid from Pega Version 7.3.1
Pega® Platform REST services now support password credentials and the JWT (JSON Web Token) Bearer grant type when you enable OAuth 2.0-based authentication. By using password credentials, you can quickly migrate clients from direct authentication schemes, provide additional flexibility when other grants are not available, and integrate your application with REST services in other applications. You can add compatibility with modern JWT-based cloud security IDPs by using the JWT Bearer grant type.
For more information, see About OAuth 2.0 Provider data instances, OAuth 2.0 Client Registration data instances - Completing the Client Information tab, Creating an Identity Mapping data instance.