PCI Secure Software Lifecycle Standard eligible for more software vendors

3. March 2021

Recently the PCI Security Standards Council (PCI SSC) released version 1.1 of the Secure Software Lifecycle (Secure SLC) Standard and the corresponding Program Guide. This company certification out of the PCI Software Security Framework (PCI SSF) allows software vendors to prove that they have integrated comprehensive security measures into their complete software lifecycle.

Our accredited Secure SLC assessors have reviewed the key changes compared to the original version for you:

The majority of the changes were made to correct minor errors and to sharpen definitions and important terms. But the following expansion of the definition, concerning the eligibility, has exciting implications.

For purposes of this document (including Section A.3 of Appendix A hereto):
“Eligible Software” means any software or software component that may be present in a payment environment and either (a) is directly involved in storing, processing, or transmitting payment data (“Payment Software”) or (b) does not directly handle payment data but may share resources defined within a payment environment;

[Source: https://www.pcisecuritystandards.org/documents/PCI-Secure-SLC-Program-Guide-v1_1.pdf]

The standard is therefore no longer limited to providers of payment software that directly stores, processes or transmits payment data. The addition of part (b) will make it easier for other software vendors to participate in the Secure SLC program and achieve validation according to it.


Do you have questions about a certification according to the PCI Secure Software Lifecycle Standard or do you need support? Contact us, we are happy to help.

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories