Course Description

This course provides a thorough introduction to the requirements that the PCI Software Security Framework (SSF) introduces. PCI SSF replaces the PCI Payment Application Data Security Standard (PA-DSS), which will be retired in October 2022, and introduces two new standards and associated validation and listing programs: the Secure Software Standard and Secure Software Life Cycle Standard.

The main goal of this course is to present the requirements that these standards introduce for creating payment software that is designed, engineered, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks. Students will learn to conduct a gap analysis and create a roadmap to ensure that their software life cycle and the payment software they produce is compliant to PCI SSF. They will also gain a thorough understanding of the areas they need to focus on in order to protect the security of sensitive and payment data that is stored, processed, or transmitted by the software.