PCI SSC introduced a fairly new framework, the Payment Card Industry Software Security Framework (PCI SSF), which is effective from October 2022. PCI SSF is a combination of different standards and programs designed and developed to secure payment software.
The framework was introduced to replace the Payment Application Data Security Standard (PA-DSS) with modern requirements that support a variety of payment software types, technologies, and development methodologies. It gives software developers the flexibility to incorporate payment application security into current industry-best software development lifecycle practices and frequent update cycles.
The framework consists of two standards: the Secure Software Lifecycle (SLC) Standard and the Secure Software Standard. Which standard applies depends on the eligibility criteria. Both standards are explained below for a better understanding of the framework.