PCI Software Security Framework
E723413
The PCI Software Security Framework is a set of standards and validation programs from the PCI Security Standards Council that define modern security requirements and lifecycle practices for payment software to protect cardholder data.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | payment card industry standard; security standard framework |
| abbreviation | PCI SSF |
| appliesTo | payment software |
| defines | lifecycle practices for payment software; security requirements for payment software vendors; validation programs for payment software |
| developedBy | PCI Security Standards Council |
| focusesOn | cardholder data protection; software security |
| geographicScope | global |
| governs | validation of payment software security |
| governsAssessmentType | software security assessment |
| governsDataType | cardholder data; sensitive authentication data |
| hasLifecycleFocus | deployment phase; design phase; development phase; maintenance phase; retirement phase; testing phase |
| hasPurpose | define security requirements for payment software; protect cardholder data; support secure payment software development lifecycle |
| hasScope | design of payment software; development of payment software; maintenance of payment software; support processes for payment software |
| includesComponent | Secure Software Lifecycle Standard; Secure Software Standard |
| includesProgram | Secure Software Lifecycle Program; Secure Software Program |
| isSuccessorTo | Payment Application Data Security Standard |
| language | English |
| publisher | PCI Security Standards Council |
| relatedTo | PCI 3-D Secure SDK Security Standard; PCI Data Security Standard |
| replaced | Payment Application Data Security Standard |
| requires | access control for payment software; logging and monitoring in payment software; protection of cryptographic keys in software; secure software architecture; secure software development practices; vulnerability management for payment software |
| supports | risk-based security approach for payment software |
| supportsComplianceWith | PCI DSS requirements for payment software |
| targetsAudience | assessors of payment software security; payment software vendors; software developers of payment applications |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.