Frequently Asked Question

When must validated payment software be revalidated?
Subject to early expiry and the terms of the Software Security Framework Vendor Release Agreement (VRA), validations to the Secure Software Standard are valid for three years. Further information on revalidations and the process for managing changes to validated payment software can be found in the Secure Software Program Guide. Both the VRA and Secure Software Program Guide are available in the Document Library.
November 2021
Article Number: 1541
Related
-
Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?
-
Are there prerequisite PCI SSC program requirements to meet before qualifying as an SSF Assessor Company?
-
Are Secure Software Assessors or Secure Software Lifecycle Assessors required to report Continuing Professional Education (CPE) credits to PCI SSC?
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?