The PCI Security Standards Council (PCI SSC) has published a resource guide with key information to help stakeholders plan for transitioning from PA-DSS to the PCI Software Security Framework (SSF).
The SSF provides vendors with security standards for developing and maintaining payment software so that it protects payment transactions and data, minimizes vulnerabilities, and defends against attacks. It includes a new methodology for validating software security and a separate secure software lifecycle qualification for vendors with robust security development practices.
When Payment Application Data Security Standard Version 3.2 (PA-DSS v3.2) expires at the end of October 2022, it will be formally retired and replaced by the SSF. In the interim, to help minimize disruption and ease the transition process for stakeholders, the standard and program will remain available and fully supported.
Also on the blog: New Software Security Framework Programs: Timeline & Key Milestones
