Press Release

Payments Industry Turning Point – Coalfire First to Certify With New Software Security Standard

February 20, 2020

Company Set to Assess and Validate Next-Generation Payment Security Cyber Defense


WESTMINSTER, CO – February 20, 2020 – Coalfire, a provider of cybersecurity advisory and assessment services, today became the first firm to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) to assess software solutions against the new Software Security Framework/Secure Software Lifecycle (SSF/SLC) standard.

The PCI Software Security Framework will replace the current Payment Application Data Security Standard (PA-DSS), which expires in late 2022. The framework supports a new approach to payment software security that evaluates both the software development lifecycle and the software itself.

“As one of the first cybersecurity firms to qualify to perform assessments under the new standards, Coalfire’s assessment and certification services will give early-adopter software vendors a jump on the competition,” said Coalfire Solution Validation Director Nick Trenc. “Coalfire is committed to helping our clients transition from PA-DSS to the next generation of standards. They, in turn, will be among the first to provide the merchant community with state-of-the-art software security.”

The framework includes a new methodology for validating software security and standardizes requirements for different types of payment software under a single requirements architecture with supporting listing programs. The Secure Software and Secure Software Lifecycle Standards within the framework allow merchants and acquirers to easily identify qualified vendors and validated payment software that have demonstrated their ability to protect transactions and data, minimize vulnerabilities, and defend against cyber attacks.

The PCI SSC is a global forum that leads cross-industry efforts to increase payment security by providing flexible and effective standards and programs that help businesses detect, mitigate, and prevent cyber attacks and breaches. It maintains programs for security companies seeking to be certified as Payment Application Qualified Security Assessors (PA-QSAs). Coalfire was one of the original PA-QSA firms, with more than 10 years in the program. For more information about how software vendors can transition to the new framework, read Nick Trenc’s blog post here.

For more information about the new framework from the PCI SSC, see the links below.

PCI Security Standards Council Launches New Assessor Qualification Program to Support The PCI Software Security Framework

New Assessor Opportunity: PCI Software Security Framework

Understanding the PCI Software Security Framework: New Educational Resources

About Coalfire

Coalfire is the trusted cybersecurity advisor that helps private and public sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe.