Enabling security policies now requires current password
Valid from Pega Version 7.1.3
As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced. When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.
For more details, review the Designer Studio > System > Settings > Security Policies landing page.
Add custom HTTP response headers in your application
Valid from Pega Version 7.2.1
The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.
For more information, see Creating a custom application header.
Attribute-based access control model
Valid from Pega Version 7.2.1
Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.
For more information, see Attribute-based access control.