atsec China has been qualified by the PCI SSC (Payment Card Industry Security Standards Council) as a Secure Software Lifecycle (SLC) Assessor and Secure Software Assessor company under the PCI Software Security Framework (SSF) program to evaluate a vendor’s software lifecycle and/or validate a vendor’s payment software.
The PCI SSF is a collection of standards and programs for the secure design and development of payment software. Security of payment software is a crucial part of the payment transaction flow and is essential to facilitate reliable and accurate payment transactions. The SSF replaces the Payment Application Data Security Standard (PA-DSS) with modern requirements that support a broader array of payment software types, technologies, and development methodologies. With its outcome-focused requirements, the SSF provides more agility for developers to incorporate payment application security with nimble development practices and frequent update cycles. The SSF enables accelerated provision of customization and features for payment applications for merchants without compromising security. It also improves consistency and transparency in testing payment applications, which elevates validation assurance for merchants, service providers, and acquirers that implement and manage the use of payment solutions.
As a qualified Secure Software Lifecycle (SLC) Assessor, atsec can perform Secure SLC Assessments according to the Secure Software Lifecyle (Secure SLC) Standard. The Secure SLC Standard is intended for validating the lifecycle practices for software vendors that develop software for the payments industry. This standard provides security requirements for payment software vendors to integrate security throughout the entire software lifecycle, which results in software that is secure by design and able to withstand attacks. Upon successful validation by atsec as one of the Secure SLC Assessors, software vendors will be recognized on the PCI SSC List of Secure SLC Qualified Vendors. Secure SLC Qualified Vendors are empowered to perform and self-attest to their own software “delta” assessments with reduced assessor involvement or oversight.
As a qualified Secure Software Assessor, atsec can perform Secure Software Assessments according to the Secure Software Standard. This standard provides security requirements for building secure payment software to protect the integrity and the confidentiality of sensitive data that is stored, processed, or transmitted in association with payment transactions. Upon successful evaluation by atsec as one of the Secure Software Assessors, validated payment software will be recognized on the PCI SSC List of Validated Payment Software, which will supersede the current List of Validated Payment Applications when PA-DSS is retired the end of October 2022.
The SSF Assessors list can be found on the official website of PCI SSC:
https://www.pcisecuritystandards.org/assessors_and_solutions/software_security_framework_assessors
In addition to SSF assessor, as an accredited PCI QSA, ASV, QPA, PA QSA, P2PE, 3DS assessor and PFI, atsec China offers a full range of services to support organizations in achieving PCI compliance.
For more information about atsec’s PCI services, please visit:
http://www.atsec.cn/it-security-services/pci/en/index.html