Frequently Asked Question

Is software-as-a-service (SaaS) eligible for Secure Software Standard validation and listing?
Yes, if the software in question meets all stated eligibility criteria in effect at the time of submission, software-as-a-service may be validated to the Secure Software Standard and listed on the PCI SSC list of Validated Payment Software.
More information on the eligibility for the Secure Software Program is located in the Secure Software Program Guide available in the Document Library.
November 2021
Article Number: 1549
Related
-
Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?
-
Are there prerequisite PCI SSC program requirements to meet before qualifying as an SSF Assessor Company?
-
Are Secure Software Assessors or Secure Software Lifecycle Assessors required to report Continuing Professional Education (CPE) credits to PCI SSC?
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?