By: Brandon Polk, Director of Compliance Services
Contextual Security Solutions | January 17, 2018 @ 11:07
A little while ago we learned that the PCI Council was making plans to transition the Payment Application Data Security Standards (PA-DSS) to a new framework called the PCI Software Security Framework, which includes a PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure SLC) Standard. These are new standards designed for software vendors as follows:
- The Secure Software Standard outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data.
- The Secure SLC Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
These new standards are available now on the PCI Council’s website in the document library, and there’s also a great interview with PCI SSC Chief Technology Officer Troy Leach, who talks about the new program here: https://blog.pcisecuritystandards.org/just-published-new-pci-software-security-standards
If your organization utilizes these solutions and you want to learn more about how this transition will impact future PCI assessments, please let us know! firstname.lastname@example.org.