# Facebook / Meta Data Protection Assessment security questions


finite mesa

Hi, we are using Facebook as one of the player login options into PlayFab, and it's time for our annual Facebook Data Protection Assessment. I always used the PlayFab forum post (https://community.playfab.com/questions/64567/facebook-data-protection-assessment.html) to help me with the questions; this is, however, not accessible anymore (👎), and Meta also expanded some questions regarding security, so the answers there would probably not be sufficient anyway.
These are the questions we need help with:

3.1-12.b. - Within the last 12 months, which of the following approaches have you used to test for vulnerabilities and security issues in your backend environment where you process Platform Data? Select all that apply.
[ ] Static application security testing (SAST)
[ ] Dynamic application security testing (DAST)
[ ] Web scan
[ ] Penetration test by an internal team
[ ] Penetration test by an external security firm
[ ] Vulnerability reports from external researchers obtained through a Vulnerability Disclosure Program (VDP) or bug bounty program
[ ] Another approach for identifying vulnerabilities
[ ] This is not necessary because my organization uses a no-code backend solution
[ ] None of the above

and multiple questions related to MFA with the same options:

3.1-15.a. through 3.1-15.e. - **Do you require multi-factor authentication (MFA) for all access to your:**

  • collaboration and communication tools?
  • code repository tool (e.g., GitHub) or any tool used to track changes to the app and any of the system's code and configuration?
  • software deployment tools, for example Jenkins or another continuous integration, continuous deployment (CI/CD) tool?
  • backend administrative tools, for example a cloud administrative portal?
  • remote access to servers, for example via SSH?

    [ ] Yes
    [ ] No, but we enforce a password-complexity policy and have authentication backoff delays and automatic account lockouts with failed login attempts.
    [ ] No

Thank you for your help.

misty heath

But in general it would be nice if PlayFab could provide answers to these new questions in the Meta DPA in a public place where all developers could refer to them.

finite mesa

Thanks @misty heath, I'll wait to see if anyone from PlayFab answers; if not, I'll try these options. I definitely agree that they should provide these answers, as we do not process or store any Meta Platform Data and our answers should reflect PlayFab's security measurements, as was (IIRC) discussed in the now inaccessible forum post that I linked in the OP.

hard blade

Those questions apply to your code, not to PlayFab's. See the explanation for 3.1-12.b (and similar statements through the rest of https://developers.facebook.com/docs/development/maintaining-data-access/data-protection-assessment):

> This question only refers to the software you build or package (e.g., code libraries) in order to process Platform Data, rather than software built or maintained by other companies (e.g., an analytics service that you rely on as a Service Provider).