PCI SSF - SECURE SOFTWARE LIFECYCLE
For all payment software or software components that may be present in a payment environment and either is directly involved in storing, processing, or transmitting payment data.
- Assessor Type
- Governing Body
- Data Type
- SLC ASSESSOR
- SOFTWARE DEVELOPERS
- 3 Years
- PCI SSC
- PCI ACCOUNT DATA
The Software Security Framework currently includes two standards: the Secure SLC Standard and the Secure Software Standard.
The Secure SLC Standard defines a set of security objectives and control objectives for software vendors to ensure the security of payment software throughout the secure software lifecycle. The payment software is securely designed and securely developed to protect sensitive payment application data and payment transaction data, reduce application vulnerabilities, and protect against software attacks.
Applicability – The Secure SLC Standard is applicable to software vendors who develop payment software. The payment software may be directly involved in processing payments, or developed to provide service around payments.
Secure SLC Eligible Software
Payment software categories are determined based on the primary function of the application. The following are the primary functions of the application or component developed using the Secure SLC process. The detailed description can be found in the PCI Secure SLC program guide.
The Secure SLC Standard requirements are categorized into four major Security Objectives, and each Security Objective defines its own Secure SLC Control Objective requirements.
Our Secure Software Assessors have vast experience in consulting on and validating a wide range of payment software.
Our well-trained Secure Software Assessors provide you with optimum solutions based on the current threat landscape, ensuring that your application development policies, processes, and software security controls are validated against the SSF Secure Software Standard control objectives.
We help our customers with a simplified Secure SLC Assessment and Audit procedure and help streamline the process with our innovative compliance management solution, BOLT.
Our automated approach to providing reports, exchanging documents, and managing workflow saves a lot of effort.
We provide customized solutions to make sure that you implement Secure SLC controls effectively in your payment software development processes.
PCI SOFTWARE SECURITY FRAMEWORK FAQs
The PCI Secure SLC Standard covers the software vendor's secure software development lifecycle processes, the technology in use, and the people involved in the various stages of the development lifecycle processes.
The lifecycle stages are design, development, deployment, and maintenance of software.
The key security objectives covered are as follows.
- Software Security Governance
- Secure Software Engineering
- Secure Software and Data Management
- Security Communications
The PA-DSS standard is dedicated to applications within the PCI DSS environment. The PA-DSS requirements are coupled with the PCI DSS standards. However, the SSF Secure SLC is an independent standard that is not coupled with either the PA-DSS or the PCI DSS standards. The Secure SLC is dedicated to the software vendor's secure lifecycle development processes.
Secure SLC Qualified Vendor listing changes are categorized into Administrative changes and Designated changes.
Administrative change – changes to corporate identity and changes to Listing details.
Designated change – changes to the Vendor’s Listing that are limited to: Add or remove a Product Category used in Secure SLC development