Understanding the norms of PCI SSF compliance and its benefits


The PCI Security Standards Council (PCI SSC) launched a new framework known as the PCI Software Security Framework (SSF) to secure modern payment software. The new framework is a set of standards and programs built to secure the design and development of payment software. With the introduction of the SSF, the current standard, PA-DSS (Payment Application Data Security Standard), will soon be phased out. This simply means that the SSF replaces PA-DSS with modern requirements that support a wide range of payment software types, technologies, and development methodologies. It is a new approach that supports both current and future payment software and works as an extension beyond the scope of PA-DSS to address overall software security resiliency.

The PCI SSF Standards

The PCI Software Security Framework is based on two standards, namely the Secure Software Standard and the Secure Software Lifecycle Standard.

Secure Software Standard

Validation of payment software to the Secure Software Standard (S3) assures that the payment software is designed to protect the integrity of the software and the confidentiality of the sensitive data it captures, stores, processes, and transmits. Applicability of this standard generally includes:

  • Software products involved in, or that directly support or facilitate, payment transactions that store, process, or transmit data.
  • Software products developed by the vendor that are commercially sold to multiple organizations.

Secure Software Lifecycle Standard

Validation of payment software to the Secure Software Life Cycle Standard assures that the vendor's software development lifecycle processes, procedures, and practices comply with the PCI Secure SLC Standard. Applicability of this standard includes:

  • All vendors who develop payment software.

Purpose of Introducing the PCI Software Security Framework in Place of PA-DSS

The PCI Software Security Framework is a mix of traditional and modern software security requirements. The new framework supports evolving technologies, software types, and development methodologies. It was designed and implemented with the aim of promoting highly goal-oriented security practices that support both the traditional methods of good application security and the latest development practices. It is a framework launched to ensure vendors can benefit from the best of both worlds and implement the measures that best secure their systems.

Transition from PA DSS to PCI SSF

For a smooth transition from PA-DSS to PCI SSF, the PCI Council will continue to support PA-DSS validated applications through the end of October 2022. It has clearly stated that existing PA-DSS validated applications will remain on the "List of Validated Payment Applications" until their expiry dates, with the assurance of no impact on users. Further, by the end of October 2022, the PCI Software Security Framework will replace PA-DSS and its listings. So, with this transition, payment applications will be validated under PCI SSF after the retirement of PA-DSS in 2022. The new framework provides flexibility to all software vendors and facilitates better alignment of secure application development with the industry standard.

Benefits of PCI SSF Compliance

The Payment Card Industry Security Standards Council developed the new SSF framework to provide flexibility to software vendors and align payment software development with industry security best practices. Unlike PA-DSS, the SSF will support multiple security efforts and initiatives that focus on secure design and development. Here is how PCI SSF compliance benefits customers, vendors, and merchants in general:

  • SSF compliance facilitates a modular assessment architecture and approach, creating more flexibility.
  • Adhering to the PCI Software Security Framework helps reduce the risk associated with penalties and data breach complications.
  • Compliance assures that appropriate security and protection mechanisms are in place to secure the card data environment.
  • It ensures that critical assets are protected and further strengthens the implementation of access controls.
  • It is an assurance that the organization is meeting its legal obligations.
  • It gives customers confidence that the organization has put in the effort to secure its environment and protect their data.
  • Compliance with the SSF means having implemented a risk management process and having business continuity plans in place.
  • Compliance with the SSF framework ensures protection against emerging security threats and adaptation to any changes in the applicable regulatory requirements.

Final Thoughts

While the transition from PA-DSS to PCI SSF may seem challenging, in reality it won't make a difference to, or rather impact, your compliance efforts. In fact, PCI SSF provides more flexibility for software developers to incorporate payment application security as per current industry-accepted practices. Moreover, as mentioned earlier, to make the transition hassle-free for stakeholders, the PA-DSS and SSF programs will run in parallel, with the PA-DSS program continuing to operate as it does until the date of expiry. Having said that, we personally feel the decision to introduce a new framework is for the betterment of society and the benefit of customers and vendors. Hence the introduction of PCI SSF should not be taken otherwise and should be received positively by all stakeholders.

Contributed by Narendra Sahoo, Director, VISTA InfoSec

