As of 14 September the RFC Has Been Extended Another 30 Days to Close on 15 October
Eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published version of the PCI Secure Software Lifecycle (Secure SLC) Standard.
The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on the PCI Secure SLC Standard
The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework (SSF). It provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place. The Secure SLC Standard (v1.0) was originally published in January 2019 with a minor revision (v1.1) published in February 2021 to address errata and to expand program eligibility. No other updates have been published, or RFCs performed, since the initial v1.0 publication. The results of the RFC will be used to determine the scope of potential updates to the Secure SLC Standard for a future revision.
Read more about the PCI Secure SLC Standard on the blog.