Reminder: The PCI PA-DSS will be replaced by the PCI Secure Software Standard on 28/10/2022

28. October 2022

On October 28, 2022, the Payment Application Data Security Standard (PA-DSS) will expire and be replaced by the PCI Secure Software Standard. Together with the Secure Software Lifecycle (Secure SLC) standard, this forms the Council's new PCI Software Security Framework. Certification according to the two new standards has been possible since 2020.

The Secure Software Standard supports a wider range of applications, architectures and functions of software than the PA-DSS. It also brings more agility with regard to current development techniques and release cycles, which means, for example, that more transparency can be created when updating software products. In contrast to the PA-DSS, the Secure Software Standard also formulates target-oriented requirements, the concrete implementation of which can be designed by software manufacturers themselves.

Another significant advantage of the Secure Software Standard is the possibility for software manufacturers to be additionally certified according to the Secure Software Lifecycle Standard. In this case, the manufacturer's development processes are certified themselves, so that they can check minor changes to their software themselves for compliance with the Secure Software Standard.

We have summarized how you can make the transition from PA-DSS to SSF in a blog post for you.


Do you have questions about the Secure Software Standard or need assistance with the transition? Contact us, we will be happy to help you.

Also interesting:

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

PCI DSS: PCI Council Releases SAQs for Version 4.0.1

PCI DSS: PCI Council Releases SAQs for Version 4.0.1

This week, the PCI Security Standards Council (PCI SSC) announced that it published the Self-Assessment Questionnaires (SAQs) for PCI DSS v4.0.1. [See the PCI SSC Bulletin] With the help of SAQs, eligible merchants and service providers can prove their compliance with...

Categories

Categories