Forum Discussion

Nimbostratus

Jul 11, 2025

PCI Compliance and ASM

Hi, We are building a system that is to be PCI complient. The system will be hosted in segregated zone in the infrastructure... where we have: Load balancer to receive the external traffic We...

application delivery

security

VishnuGatla

Cumulonimbus

Jul 11, 2025

F5 WAF’s “Data Guard” prevents sensitive data (e.g., credit card numbers, SSNs) from logging or leaking in responses. It masks or blocks CHD in HTTP responses and logs, meeting PCI DSS requirements for plaintext CHD exposure. Use SSL bridging to prevent plaintext CHD exposure on the network.

Reference:

K34154012: Configuring Data Guard detection patterns (12.x - 17.x)

K8363: Using the Mask Data setting to protect sensitive data returned by the BIG-IP ASM

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

PCI Compliance and ASM

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Decoding PCI-DSS v4.0: F5's Ridiculously Easy Guide to Technical Compliance

BIG-IP security hardening and compliance checks

Implementing F5 NGINX STIGs: A Practical Guide to DoD Security Compliance

Lightboard Lessons: PCI/DSS compliance with BIG-IP

Making WAF Simple: Introducing the OWASP Compliance Dashboard

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS