- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Request for Comments: Web Software Module for the PCI Secure Software Standard
From 14 March to 12 April 2022, eligible stakeholders are invited to review and provide feedback on the Web Software Module for the PCI Secure Software Standard during a 30-day request for comments (RFC) period.
The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on the Web Software Module for the PCI Secure Software Standard
The Web Software Module is a set of supplemental security requirements to the Secure Software Standard’s Core Requirements for payment software intended for use in e-commerce or other internet-facing payment scenarios.
The Secure Software Standard’s “modules” are groupings of related requirements to address a particular use case or payment platform and have their own applicability criteria. The security requirements within each module are intended to be applied in aggregate where relevant to a given software product.
The Web Software Module security requirements address common security issues related to the use of internet-accessible payment technologies, such as those that expose payment APIs or pages for other entities or sites to access and use. Topics covered in the Web Software Module include the secure use of software components, authentication and access control, the secure handling of input data, and secure communications.
The Web Software Module enhances the existing Core, Account Data Protection, and Terminal Software modules to further expand the scope of payment use cases covered by the PCI Secure Software Standard.
Also on the blog: About the Software Security Framework