Secure Software Assessors are qualified by PCI SSC to validate payment software adherence to the Secure Software Standard. Qualified Secure Software Assessors will have the Assessment Type of "Secure Software" …
No. Secure Software Assessors and Secure SLC Assessors in good standing do not need to report CPEs to PCI SSC. The CPEs that these Assessors are required to obtain and …
Yes, it is possible to submit multiple changes to a software listing, however, details of each change must be provided separately using Section C1 of the Change Impact Template (located …
Yes. Vendors whose software development practices have been validated to the Secure SLC Standard are added to the list of Secure SLC Qualified Vendors.
Subject to early expiry and the terms of the Software Security Framework Vendor Release Agreement (VRA), validations to the Secure Software Standard are valid for three years. Further information on …
Yes, if the software in question meets all stated eligibility criteria in effect at the time of submission, software-as-a-service may be validated to the Secure Software Standard and listed on …
While onsite assessments continue to be the expected method for PCI SSC assessments, the use of remote assessment methods may provide a suitable alternative in legitimate scenarios where an onsite …
When assessment results are associated with compliance programs defined and managed by one or more payment brands, the compliance-accepting entity is the entity to which those assessment results (for example, …