PCI Secure Software Lifecycle Standard eligible for more software vendors

3. March 2021

Recently the PCI Security Standards Council (PCI SSC) released version 1.1 of the Secure Software Lifecycle (Secure SLC) Standard and the corresponding Program Guide. This company certification out of the PCI Software Security Framework (PCI SSF) allows software vendors to prove that they have integrated comprehensive security measures into their complete software lifecycle.

Our accredited Secure SLC assessors have reviewed the key changes compared to the original version for you:

The majority of the changes were made to correct minor errors and to sharpen definitions and important terms. But the following expansion of the definition, concerning the eligibility, has exciting implications.

For purposes of this document (including Section A.3 of Appendix A hereto):
“Eligible Software” means any software or software component that may be present in a payment environment and either (a) is directly involved in storing, processing, or transmitting payment data (“Payment Software”) or (b) does not directly handle payment data but may share resources defined within a payment environment;

[Source: https://www.pcisecuritystandards.org/documents/PCI-Secure-SLC-Program-Guide-v1_1.pdf]

The standard is therefore no longer limited to providers of payment software that directly stores, processes or transmits payment data. The addition of part (b) will make it easier for other software vendors to participate in the Secure SLC program and achieve validation according to it.


Do you have questions about a certification according to the PCI Secure Software Lifecycle Standard or do you need support? Contact us, we are happy to help.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories