Schellman Review of Fastly Client-Side Protection

This document is a technical report assessing Fastly, Inc.’s Client-Side Protection solution in relation to the Payment Card Industry Data Security Standard (PCI DSS) v4.0.1. The evaluation focuses on specific requirements, particularly 6.4.3 and 11.6.1, and examines the product's capabilities in managing client-side scripts, implementing content security policies, and compliance reporting. The methodology includes technical documentation analysis and interviews with product specialists. Key findings indicate that the solution assists organizations in meeting PCI DSS requirements by maintaining an inventory of authorized scripts and providing mechanisms for detecting unauthorized changes. The report details the operational workflow, which includes defining website scope, script inventory management, policy creation, and violation reporting. Additionally, it outlines deployment options and the integration of the Client-Side Protection product with Fastly’s Next-Gen Web Application Firewall, emphasizing its role in enhancing web application security.