Latest changes to PCI SSC frequently asked questions.
After 28 October 2022, all previously validated PA-DSS applications will be expired and moved to the "Acceptable Only for Pre-existing Deployments" list on the PCI SSC website. Payment application vendors …
Secure SLC Assessors are qualified by PCI SSC to validate software vendor adherence to the Secure SLC Standard.Qualified Secure SLC Assessors will have the Assessment Type of "Secure SLC" noted …
Vendors that want to have their software development processes assessed to the Secure SLC standard may initiate the process by engaging a qualified Secure SLC assessor from the PCI SSC …
The eligibility criteria for software validation to the PCI Secure Software Standard is defined in the Secure Software Program Guide, available in the Document Library. Whether an entity is …
Secure Software Assessors are qualified by PCI SSC to validate payment software adherence to the Secure Software Standard. Qualified Secure Software Assessors will have the Assessment Type of "Secure Software" …
No. Secure Software Assessors and Secure SLC Assessors in good standing do not need to report CPEs to PCI SSC. The CPEs that these Assessors are required to obtain and …
Yes, it is possible to submit multiple changes to a software listing, however, details of each change must be provided separately using Section C1 of the Change Impact Template (located …
Yes. Vendors whose software development practices have been validated to the Secure SLC Standard are added to the list of Secure SLC Qualified Vendors.
Subject to early expiry and the terms of the Software Security Framework Vendor Release Agreement (VRA), validations to the Secure Software Standard are valid for three years. Further information on …
No, companies are not required to participate in other PCI SSC programs before becoming an SSF Company.
