Request for Comments: PCI Secure Software Lifecycle (Secure SLC) Standard v1.1 

From 16 August to 15 September 2023, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published version of the PCI Secure Software Lifecycle (Secure SLC) Standard during a 30-day request for comments (RFC) period.      

The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information. 

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period. 

Background on the PCI Secure SLC Standard 

The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework (SSF). It provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place. The Secure SLC Standard (v1.0) was originally published in January 2019 with a minor revision (v1.1) published in February 2021 to address errata and to expand program eligibility. No other updates have been published, or RFCs performed, since the initial v1.0 publication. The results of the RFC will be used to determine the scope of potential updates to the Secure SLC Standard for a future revision. 

Read more about the PCI Secure SLC Standard on the blog.