On October 28, 2022, the Payment Application Data Security Standard (PA-DSS) will expire and be replaced by the PCI Secure Software Standard. Together with the Secure Software Lifecycle (Secure SLC) standard, this forms the Council's new PCI Software Security Framework. Certification according to the two new standards has been possible since 2020.
The Secure Software Standard supports a wider range of applications, architectures and functions of software than the PA-DSS. It also brings more agility with regard to current development techniques and release cycles, which means, for example, that more transparency can be created when updating software products. In contrast to the PA-DSS, the Secure Software Standard also formulates target-oriented requirements, the concrete implementation of which can be designed by software manufacturers themselves.
Another significant advantage of the Secure Software Standard is the possibility for software manufacturers to be additionally certified according to the Secure Software Lifecycle Standard. In this case, the manufacturer's development processes are certified themselves, so that they can check minor changes to their software themselves for compliance with the Secure Software Standard.
We have summarized how you can make the transition from PA-DSS to SSF in a blog post for you.
Do you have questions about the Secure Software Standard or need assistance with the transition? Contact us, we will be happy to help you.
