Sunday, July 21, 2019

PCI Software Security Framework

PA-DSS, long recognized as the de facto standard for payment application data security, will be replaced by the recently published "Software Security Framework" standard by the end of 2022. PA-DSS validation requests submitted by vendors will be accepted until June 2021. A recent FAQ published on the PCI SSC blog explains the relationship between the new security framework and the PA-DSS standard as follows:

"The PCI Software Security Framework is separate and independent from PA-DSS. While the PCI Software Security Framework includes elements of PA-DSS, the Framework represents a new approach for securely designing and developing both existing and future payment software. PA-DSS was designed specifically for payment applications used in a PCI DSS environment. The PCI Software Security Standards extend beyond this to address overall software security resiliency. The PCI Software Security Framework is designed to support a broader array of payment software types, technologies, and development methodologies in use today and also support future technologies and use cases."

In future posts, I will take a glance at SSF.

