PCI Security Standards Council Publishes New Software Security Standards
Today, the PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework , which includes a validation program for software vendors and their software products and a qualification program for assessors. The programs will be launched later in 2019.
“Innovation in payments is moving at an incredible pace. Each advancement provides the industry the opportunity to develop applications more quickly and efficiently than before and to design software for new platforms for payment acceptance,” said PCI SSC Chief Technology Officer Troy Leach. “The new PCI Secure Software Standard and PCI Secure SLC Standard support this evolution in payment software practices by providing a dynamic way for developers to demonstrate their software protects payment data for the next generation of applications.”
PCI Software Security Standards expand beyond the scope of the Payment Application Data Security Standard (PA-DSS) for traditional payment software to address overall software security resiliency for modern payment software. Specifically:
- The PCI Secure Software Standard outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data.
- The PCI Secure SLC Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
These standards will replace the PA-DSS and listing when it is retired in 2022. In the meantime, there will be a gradual transition period for organizations with investments in PA-DSS. For more information on the new standards and the PA-DSS transition period, read PCI Perspectives blog post, Just Published: New PCI Software Security Standards .
The PCI Software Security Standards were developed with the input of a dedicated task force made up of payment card industry participants. PCI SSC Participating Organizations and assessors also reviewed and provided feedback on the standards via multiple request for comments (RFC) periods throughout the development process.
Steve Lipner, Executive Director of the Software Assurance Forum for Excellence in Code (SAFECode), participated in the PCI Software Security Task Force and said, “I was delighted to review the final version of the PCI Secure Software Lifecycle Standard. The document clearly reflects an adaptation of software security best practices to the needs of the payment card industry and its certification process and is well aligned with SAFECode’s principles and the concepts in SAFECode’s Fundamental Practices for Secure Software Development. I was particularly pleased to see the emphasis on integrating security into the software development process rather than attempting to assure security by after-the-fact testing.”
The PCI Secure Software Standard, PCI Secure SLC Standard, a supporting FAQ document, and a Glossary of Terms, Abbreviations, and Acronyms are available for download from the Document Library on the PCI SSC website.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn . Join the conversation on Twitter @PCISSC . Subscribe to the PCI Perspectives Blog .
Information om Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco
Følg pressemeddelelser fra Business Wire
Skriv dig op her, og modtag pressemeddelelser på e-mail. Indtast din e-mail, klik på abonner, og følg instruktionerne i den udsendte e-mail.
Flere pressemeddelelser fra Business Wire
NY-IFF15.2.2019 22:17:10 | Pressemeddelelse
IFF Recognized by SAM’s 2019 “Industry Mover” Sustainability Award
SFL15.2.2019 19:03:08 | Pressemeddelelse
SFL: strong financial position and results in 2018, consolidating the Group’s position as a prime player
NEW-WORLD-DEVELOPMENT15.2.2019 11:13:12 | Pressemeddelelse
5 Happening Cultural Destinations to Visit in 2019
ISAE-SUPAERO15.2.2019 10:38:10 | Pressemeddelelse
ISAE-SUPAERO Launches a New MOOC about Flight Mechanics
RED-REPLY15.2.2019 10:32:09 | Pressemeddelelse
REPLY: Red Reply Wins the Oracle “Partner of the Year Autonomous” Award
POSIFLEX-GROUP15.2.2019 09:02:04 | Pressemeddelelse
Posiflex showcases new Interactive Self-Service Kiosks and IoT Retail Product Innovations at EuroCIS 2019
I vores nyhedsrum kan du læse alle vores pressemeddelelser, tilgå materiale i form af billeder og dokumenter samt finde vores kontaktoplysninger.Besøg vores nyhedsrum