• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Compliance: NIST 800-171
    • MARS-E Assessment
    • P2PE Certification
    • PA DSS Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Newsletters
    • Blog
  • Contact Us

PCI Software Security Framework

Request DatasheetRequest QuoteRequest Demo
You are here: Home / Certifications / PCI Software Security Framework
ControlCase delivers comprehensive PCI SSF assessments that "Reduce Audit Fatigue" to guarantee:
  • - On-time Compliance
  • - Fixed Price
  • - Partnership Approach - Avoid checkbox auditors
  • - Automated Evidence Collection
  • - Business as Usual

The PCI SSF (Software Security Framework) is a blend of traditional and modern software security requirements. Validation of payment software to Secure Software Standards (S3) assures that the Payment Software that is designed protects the integrity of the software and the confidentiality of the sensitive data it captures, stores, processes, and transmits. The latest framework supports evolving technologies, software types, and development methodologies.

The PCI SSF (Software Security Framework) is a collection of standards and programs for the secure design and development of payment software.

The new SSF is comprised of:

1. A Secure SLC Standard, and

2. A Secure Software Standard.

The Secure SLC Standard defines a set of security requirements and associated test procedures for software vendors to validate how to properly manage the security of payment software throughout the software life-cycle. Secure SLC is applied to software vendors that develop software for the payments industry.

The Secure Software Standard defines a set of security requirements and associated test procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. The Secure Software Standard is applied to payment software that is sold, distributed, or licensed to third parties.

Why choose PCI SSF over PA DSS?

  • The PCI SSF is separate and distinct from PA-DSS.
  • The PA-DSS program will eventually be integrated into the PCI SSF.
  • PCI SSF includes some components of PA-DSS.
  • All PA-DSS validated payment applications will continue to be governed by the PA-DSS standard until the applications reach their expiration date.
  • It is recommended to assess new payment applications using PCI SSF instead of continue using PA-DSS.
  • The PCI Council will accept new PA-DSS validations through mid-2020, and these applications will be valid through late 2022.

 

How Does It Work?

ControlCase has a streamlined methodology for SSF (Software Security Framework) Certification featuring an easy to understand questionnaire and sample templates, which explain the types of evidence required. We assist you in driving towards achieving certification in an efficient and cost-effective manner.

The PCI SSF will assist auditors in evaluating the security of software and the development lifecycle. It will replace the current PA-DSS with updated requirements aligned with industry standards that support a broader array of payment software types, technologies, and development methodologies.

The methodology consists of the following steps:

ControlCase PCI SSF, SLC Methodology

Six Phases of Certification Process: Compliance validation is demonstrated and assessed in following six progressive steps.

1. Strategy Call: Strategy call to identify the point of contact from both organizations, timelines for assessment, high level requirement and roadmap for the project.
2. SkyCAM Setup: Configuring tools to collect evidence automatically, to do remote application vulnerability assessment.
3. Scoping: Identify the boundaries of the scope of assessment and inclusion and dependency of any third party.
4. Pre-Assessment/Gap Assessment: Interviews, reviews of documentation and walk-through to identify gaps and provide recommendations.
5. Remediation/ Advisory Support : Assistance as partners to provide advisory support for mitigating gaps and collecting evidence.
6. Compliance Certification: Conduct the certification phase, and on successful completion, provide the reports and attestation documentation/certification. Also support client to list the payment application details with the PCI SSC.

The deliverables include:

  • Report on Compliance (ROC) for SLC
  • Attestation of Compliance (AOC) for SLC
  • Report on Validation (ROV) for SSA
  • Attestation of Validation (AOV) for SSA
  • Certificate of Compliance (COC) SSF / SLC
  • Web Seal
  • Card brand registration support

 

Benefits to our approach include:

ADAPTIBILITY
This approach is adaptable to most ticketing systems.
SIMPLICITY
This approach is repeatable.
TRANSPARENCY
Track progress against only applicable questions.
TRACKABILITY
Stay organized with assessor comments and date stamps.

Featured Resources

Compliance 101: HITRUST Update 2023

Webinar
View Recording
Compliance 101: HITRUST Update 2023

Why PCI DSS 4.0 Should Be on Your Radar?

Blog
February 2, 2023
Why PCI DSS 4.0 Should Be on Your Radar?

ControlCase Announces the Launch of the One Audit™ Bootcamp

News
November 1, 2022
ControlCase Announces the Launch of the One Audit™ Bootcamp

PCI SSF

Data Sheet
November 1, 2020
PCI SSF

Need more information?

Contact Us
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
12015 Lee Jackson Memorial Hwy, Suite 520, Fairfax, VA 22033

Send us a message

Call Us

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Team
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • P2PE Certification
  • PA DSS Certification
  • SOC2 Report

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices