Reminder: The PCI PA-DSS will be replaced by the PCI Secure Software Standard on 28/10/2022

28. October 2022

On October 28, 2022, the Payment Application Data Security Standard (PA-DSS) will expire and be replaced by the PCI Secure Software Standard. Together with the Secure Software Lifecycle (Secure SLC) standard, this forms the Council's new PCI Software Security Framework. Certification according to the two new standards has been possible since 2020.

The Secure Software Standard supports a wider range of applications, architectures and functions of software than the PA-DSS. It also brings more agility with regard to current development techniques and release cycles, which means, for example, that more transparency can be created when updating software products. In contrast to the PA-DSS, the Secure Software Standard also formulates target-oriented requirements, the concrete implementation of which can be designed by software manufacturers themselves.

Another significant advantage of the Secure Software Standard is the possibility for software manufacturers to be additionally certified according to the Secure Software Lifecycle Standard. In this case, the manufacturer's development processes are certified themselves, so that they can check minor changes to their software themselves for compliance with the Secure Software Standard.

We have summarized how you can make the transition from PA-DSS to SSF in a blog post for you.


Do you have questions about the Secure Software Standard or need assistance with the transition? Contact us, we will be happy to help you.

Also interesting:

usd AG Re-Accredited Worldwide as an Approved Scanning Vendor (ASV)

usd AG Re-Accredited Worldwide as an Approved Scanning Vendor (ASV)

On 20.08.2024, we once again received worldwide accreditation as an Approved Scanning Vendor (ASV) for the scanning services of our usd PCI Platform by the PCI Security Standards Council (PCI SSC). This makes us one of two accredited ASV companies in Germany. More...

PCI DSS v4.0.1: Are You Ready for the Future-dated Requirements? 

PCI DSS v4.0.1: Are You Ready for the Future-dated Requirements? 

With the publication of PCI DSS v4.0.1, at the latest, the requirements introduced with version 4.0 of the credit card data security standard are yesterday's news - or so one would think. After all, many PCI DSS v4.0 assessments have already been carried out in the...

Categories

Categories