The Secure Software Lifecycle (SLC) standard is a part of the Secure Software Framework (SSF) standard intended to provide Secure SLC qualified vendors the ability to perform certain SSF related tasks with minimal SSF assessor involvement.

Generally speaking, the actions permitted to be conducted by a Secure SLC Qualified Vendor are similar to the permitted wildcard activities that were allowed under the PA-DSS program (retiring on June 30, 2021), but are expanded in several ways.

What are some other benefits of being listed on the PCI Security Standards Council list of approved solutions as a Secure SLC Qualified Vendor?

  • Upon completion of the initial assessment, the SSF assessor will submit necessary documents, and the company will be listed on the PCI SSC as being a Secure SLC Qualified Vendor
  • Listed Secure SLC Qualified Vendors will be empowered to perform and self-attest to their own software “delta” assessments (as part of validation of their payment software products to the Secure Software Standard) with reduced assessor involvement or oversight.
  • Secure SLC Qualified Vendors can perform their own annual revalidation and designated change validations without involving a SLC security assessor.
  • Secure SLC Qualified Vendors can login and make administrative changes to their own listings on the PCI SSC web site without involving a SLC security assessor.

Datassurant is a long-time leader in information, data and application security and compliance services. Datassurant is an expert in providing your organization with high quality payment application gap-analysis, payment application testing, code review, software security guidance documentation assistance and several other key Secure Software Standard (SSF) and Secure Software Lifecycle Standard (SLC) related services.

For further details, please contact us.

Slide SSF SLC Scanning
and Testing
HyperSecur®
Cloud
Solutions
PA-DSS PCI DSS

PCI DSS

We make it easy to validate PCI DSS compliance and minimize your risks.

PCI DSS can sometimes be time consuming and complex, especially when you are busy running a business. Our PCI compliance offerings and programs are straightforward and customizable. PCI compliance requires adherence to a set of guidelines instituted by the Payment Card Industry, ensuring that ecommerce sites follow data security standards (DSS). PCI compliance can make or break your credit card payment operations and potentially your entire business. We are here to help you navigate through the entire process.

PA-DSS

Secure payment applications are not just in demand, they are mandatory.

Software vendors who develop payment application and point-of-sale (POS) systems can turn to Datassurant, a long-time leader in information security and compliance services; and provider of payment application gap-analysis, payment application testing, code review, implementation guide assistance and several other key PA-DSS related services.

PCI Secure Software Standard

The PCI Secure Software Standard is the next evolution and modern replacement program for PA-DSS.

Unlike PA-DSS, the SSF takes an “Objective-Based” approach, understanding that one size does not fit all. This allows flexibility to software vendors by taking a risk assessment strategy centric based approach in having their applications and solutions meet each SSF security requirement and control objective.

Secure Software Lifecycle (SLC)

If you liked using your “wildcard” versioning schema under PA-DSS, then we recommend getting your organization SLC validated.

The Secure Software Lifecycle (SLC) standard is a part of the Secure Software Framework (SSF) and once SLC validated, allows Secure SLC qualified vendors the ability to perform certain SSF related tasks with minimal SSF assessor involvement.

Scanning and Testing

Are you at risk? Datassurant can help.

We will help you understand the risks in your current site structure. Some of our processes include dynamic port scanning, port-level network services detection, vulnerability testing, and web application vulnerability testing. We will let you know exactly what you need to do to improve. You can feel confident that your customers are protected.

Cloud Cybersecurity Solutions

Datassurant has the solutions you need to build and maintain a successful cloud security program.

Our team of security experts will help you navigate the cloud security risks and protect you from the security threats to your business. We provide recommendations based on industry standards and best practices to protect your data in the cloud. Datassurant can protect your business, giving you peace of mind to focus on growing your business.