The PCI Software Security Framework (SSF) is a collection of standards and programs for the secure design and development of payment software. The SSF program is similar to PA-DSS and will replace it when that standard is retired at the end of October 2022.
Two standards form the foundation of the framework:
- Secure Software Standard
- Secure Software Lifecycle Standard
Learn more at PCI Security Standards Council
Secure Software Standard
The Secure Software Standard provides security requirements for building secure payment software to protect the integrity and the confidentiality of sensitive data that is stored, processed, or transmitted in association with payment transactions. It is intended for vendors that develop payment software that supports or facilitates payment transactions.
As new modules are added to the Secure Software Standard, the program scope will expand to support other types of software, use cases, and technologies.
Secure Software Lifecycle (Secure SLC) Standard
The Secure SLC Standard provides security requirements for payment software vendors to integrate security throughout the entire software lifecycle, which results in software that is secure by design and able to withstand attacks. It is intended for vendors that are developing payment software that supports or facilitates payment transactions.