The PCI SSF standards extend beyond the limits of PA-DSS to address overall software security resilience. PCI SSF supports a broader array of payment software types, technologies, and development methodologies, both those in use today and those to come.
Get ready to embrace cybersecurity as a pure competitive advantage for your customers.
True cybersecurity experts, working with a vast array of clients ranging from small retail merchants to complex industrial environments and large international banks.
Remarkable individuals with a lifetime of experience as cybersecurity consultants, penetration testers, analysts, developers and engineers across all kinds of industries.
Our people's technical experience, coupled with a unique work environment, is the foundation of our services: a complex machinery designed to help our customers avoid disruption while managing risk.
Foregenix has been closely involved with the leading cybersecurity frameworks since the company's inception, including the Payment Card Industry (PCI) standards, ISO, NIST and several country-specific regulatory bodies, earning a reputation for excellence in every program in which it participates.
While we insist that experience is what makes the difference in this business, our consultants also hold a myriad of certifications, including PCI, SWIFT and ISO credentials, cloud-vendor-specific certifications, and more general technology credentials such as CSSLP, CISM, CISA and CISSP, among many others.
Be part of the elite in the industry by attesting to your strong cybersecurity posture and bringing the right kind of attention to your business.
After validation, your payment software, your company's software development lifecycle, or both will be listed on the PCI Security Standards Council (PCI SSC) website for three years.
Designed to educate and prepare our clients for the evaluation of payment software under this new Compliance Program.
Our PCI SSF Assessors will provide an expert analysis of your company's current compliance status and security posture, defining the scope of the Compliance Assessment Service (CAS) used to validate compliance with the PCI SSF Secure Software Standard.
Foregenix will evaluate the software's code, its operation, or both, using a variety of security-testing tools and techniques. This testing validates each control objective of the standard.
The results of this phase are delivered as a detailed report on the environment, together with any remediation steps that should be taken.
A complete set of services to assist you with achieving and maintaining PCI SSF Compliant status.
It ensures that both your organisation and Foregenix maintain compliance with the PCI Secure Software Standard to the highest level.
A Foregenix expert will guide you through a high-level review of the PCI Software Security Framework (PCI SSF) and provide expert analysis of your company's processes and payment software in order to define a successful transition strategy.
We receive a significant number of questions about compliance with the PCI Software Security Framework (SSF) standards. Below, you will find the answers to the most frequently asked ones.
While both standards provide a three (3) year validation period, they focus on different aspects of software security.
The Secure SLC Standard validates the security controls and practices within your software design and development methodology. As such, we are validating processes, policies and procedures; this is not a technical review of any particular product.
The Secure Software Standard, on the other hand, is a review of the overall security of a specific piece of software.
This means that, as an organisation, you can be validated for having a Secure Software Lifecycle, and you can separately hold a Secure Software Standard validation for each payment software product you develop.
Your organisation does not need to be validated under the Secure SLC Standard to have your software validated. Having the Secure SLC validation, however, can simplify the process of maintaining the validation of your payment software when you make changes to it. I'll explain this a little.
The Software Security Framework does not allow the use of wildcard version numbers. Every change made to validated payment software is classified as either high impact (if it affects sensitive assets, i.e. data, functions or resources) or low impact.
If you are Secure SLC validated, you can make low impact changes and submit the relevant documentation to the SSC yourself to update the software version listing, without paying fees.
If you are not Secure SLC validated, each low impact change must be reviewed by an assessor, who must complete the associated documentation and submit it to the SSC on your behalf, and each such change requires you to pay a fee.
Payment software that stores, processes, or transmits clear-text account data, whether intended to be installed on customer systems or deployed to customers "as a service" over the Internet.
In order for an assessor to validate the standard's control objectives, the business must provide documentation, processes and evidence showing the scope of each subject area in relation to its software, and must show the processes used to measure exposure and mitigate risk.