Web Software Module for the PCI Secure Software Standard

From 14 March to 12 April 2022, eligible stakeholders are invited to review and provide feedback on the Web Software Module for the PCI Secure Software Standard during a 30-day request for comments (RFC) period.

The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.

Background on the Web Software Module for the PCI Secure Software Standard

The Web Software Module is a set of supplemental security requirements to the Secure Software Standard’s Core Requirements for payment software intended for use in e-commerce or other internet-facing payment scenarios.

The Secure Software Standard’s “modules” are groupings of related requirements to address a particular use case or payment platform and have their own applicability criteria. The security requirements within each module are intended to be applied in aggregate where relevant to a given software product.

The Web Software Module security requirements address common security issues related to the use of internet-accessible payment technologies, such as those that expose payment APIs or pages for other entities or sites to access and use. Topics covered in the Web Software Module include the secure use of software components, authentication and access control, the secure handling of input data, and secure communications.

The Web Software Module enhances the existing Core, Account Data Protection, and Terminal Software modules to further expand the scope of payment use cases covered by the PCI Secure Software Standard.

Also on the blog: About the Software Security Framework


