Today, the PCI Security Standards Council (PCI SSC) released documentation for version 1.1 of the PCI Secure Software Standard and the programs that support it. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software requirements help ensure that payment software is designed, developed, and maintained in a way that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks.
Version 1.1 of the PCI Secure Software Standard introduces the Terminal Software Module, a new security requirements module for payment software intended for deployment and operation on PCI-approved PIN Transaction Security (PTS) Point of Interaction (POI) devices. Software intended for deployment and operation on other platforms is not affected by the new requirements.
The new Terminal Software Module is the third module built into the modular requirements architecture of the PCI Secure Software Standard. A module is a group of requirements that corresponds to a particular use case. The two existing modules of the PCI Secure Software Standard are the “Core” module, which includes general security requirements that apply to all payment software, and a module covering account data in storage, processing, or clear text. PCI SSC plans to introduce additional modules in the future.
The SSF Assessor qualification requirements have also been updated to include module training and exam requirements, to support the addition of the Terminal Software Module and future modules. PCI Secure Software Standard v1.1 also addresses errata, adds minor clarifications, and adjusts important terms and definitions throughout the standard and program documentation.
Vendors and assessors who want to use v1.1 of the standard should download the current program documentation and refer to v1.1 of the program guide. The following documents are available in the PCI SSC document library:
- PCI Secure Software Standard v1.1
- Summary of changes from PCI Secure Software Standard v1.0 to v1.1
- PCI Secure Software Program Guide v1.1
- PCI Secure Software Report on Validation (ROV) Template v1.1
- PCI Secure Software Attestation of Validation (AOV) v1.1
The PCI Secure Software Standard will replace the Payment Application Data Security Standard (PA-DSS) and its program when PA-DSS is officially terminated on October 28, 2022. Submissions of new payment applications for PA-DSS verification will be accepted until June 30, 2021. The PCI Secure Software Standard extends the key principles of protecting payment applications and data first introduced in PA-DSS and is designed to support far more payment software architectures, features, and software development methodologies.
As part of the termination of PA-DSS in October 2022, the PA-QSA program will also be discontinued. For existing PA-QSAs interested in performing PCI Secure Software Standard validation, PCI SSC recently announced the 2021 dates for Software Security Framework Assessor training. An SSF Assessor is an independent security organization qualified by PCI SSC to perform assessments against the Secure Software Standard, the Secure SLC Standard, or both.
SSF Assessor Company qualification is open to all companies that meet the SSF Assessor Qualification requirements. Eligible organizations can apply now to become an SSF Assessor company by visiting the Secure Software Assessor or Secure SLC Assessor page on the PCI SSC website and following the steps outlined in the registration process. Classes are available for qualification, information, or corporate group training.
New terminal software module introduced in PCI Secure Software Standard version 1.1: https://blog.pcisecuritystandards.org/new-terminal-software-module-introduced-in-pci-secure-software-standard-version-1-1