Company Set to Assess and Validate Next-Generation PCI Cyber Defense
Coalfire, a provider of cybersecurity advisory and assessment services, today became the first firm to be accredited by the Payment Card Industry Security Standards Council (PCI SSC) to assess software solutions against the new Software Security Framework/Secure Software Lifecycle (SSF/SLC) standard.
The new software framework will replace the current PA-DSS (Payment Application Data Security Standard) that expires in late 2022. As the first major standards advancement since 2008, PCI SSF will support a new approach for providing secure payment processing for all software, from traditional to future platforms, across all transactions and industries.
“As the first cybersecurity firm to qualify under the new standard, Coalfire’s assessment and certification services will give early-adopter software vendors a jump on the competition,” said Coalfire Solution Validation Director Nick Trenc. “Coalfire is committed to helping our clients transition from PA-DSS to the next generation in payments compliance. They, in turn, will be among the first to provide the merchant community with state-of-the-art software security.”
The framework includes a new methodology for validating software security and standardizes requirements for different types of payment software under a single requirements architecture with supporting listing programs. The SSF/SLC allows merchants and acquirers to easily identify validated vendors and payment solutions that have effectively enhanced their ability to protect transactions and data, minimize vulnerabilities, and defend against cyber attacks.
The PCI SSC is a global forum that leads cross-industry efforts to increase payment security by providing flexible and effective standards and programs that help businesses detect, mitigate, and prevent cyber attacks and breaches. PCI SSC maintains programs for security companies seeking to be certified as Payment Application Qualified Security Assessors (PA-QSAs). With more than 10 years in the program, Coalfire was one of the original PA-QSA firms. For more information about how software vendors can transition to the new framework, read Nick Trenc’s blog post here.