Cloud
Attention Payment Application Developers: Begin Your Transition from the PA-DSS to the PCI SSF Today
The Payment Card Industry (PCI) Council plans to formally retire the Payment Application Data Security Standard (PA-DSS) in October 2022 and replace it with the PCI Software Security Framework (SSF). For vendors, the new framework expands program eligibility with improved support for evolving architectures \/ deployment models, streamlines the assessment process, and simplifies listing management. It also provides greater flexibility for meeting security requirements and modernizes the notion of application security for payment applications and the companies that develop them.<\/p>\r\n\r\n
Today's software development requires objective-focused security to support flexible development and update cycles, which is a huge benefit of the new framework that will support both traditional and modern payment software. It's based on a new methodology for validating software security and a separate Secure Software Lifecycle (SLC) qualification for vendors with rigorous security development practices.<\/p>\r\n\r\n
Coalfire is the first accredited firm to conduct assessments against the new framework and we’re geared up to help vendors prepare for both Secure SLC and Secure Software assessments. Adopting the SSF early on helps demonstrate your commitment to the highest level of payment data security for your merchant and acquirer customers..<\/p>\r\n\r\n
Let’s look at the timeline, which can help you develop a transition plan.<\/p>\r\n\r\n
\r\nSource: PCI SSC website "," click to enlarge image<\/a><\/p>\r\n\r\n
For more information from the PCI SSC, please visit these links below:<\/p>\r\n\r\n