The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
When the PCI Software Security Council (PCI SSC) released the new PCI Software Security Framework in January 2019, it took a progressive leap forward, drastically raising security standards for the payments industry. The framework was created in an effort to align with newly emerging and rapidly advancing technologies in the payments ecosystem.
The new standards require that payments application vendors implement enhanced security controls to adhere to a strictly defined security process. At a high level, the process requires that applications be designed, developed, and maintained to protect the integrity of all payment transactions as well as sensitive data collected in association with those transactions.
In the framework, there are two standards. The PCI Secure Software Standard defines security requirements and assessment procedures for payment applications. The PCI Secure Software Lifecycle (Secure SLC) Standard covers the secure development of applications throughout the whole development cycle. While the former is mandatory and the latter is optional, organizations that can demonstrate compliance with the Secure SLC Standard can forgo the required assessment for every release. This kind of process acceleration is crucial for organizations that employ agile and/or DevOps development processes.
The Secure SLC Standard not only improves business efficiency for payment application vendors but also has the potential to stand as new security benchmark for other industries to follow.
5 Compliance TipsSoftware developers are adopting more competitive software life-cycle management techniques with faster release cycles, and the PCI Standards were designed to better support these agile environments. To help comply with the PCI Software Security Standards, consider the following:
1. Devise a systematic process for building security in early and maintaining this throughout the SLC.”The traditional software development …
Author: Rohit Sethi COO of Security Compass