Security Compass Helped to Create and Now Supports the New PCI Software Security Standards with its Leading Policy-to-Procedure Platform

Jan 22, 2019

SC Pressroom Cybersecurity's leading news distribution network

TORONTO,  -- Security Compass, a software security company that provides organizations with the knowledge, training, and technology to make software secure, today announced that its policy-to-procedure platform, SD Elements, will provide a strong foundation for compliance with the new Payment Card Industry (PCI) Software Security Standards, released on January 16th, 2019.  The SD Elements platform translates policy into actionable tasks that developers can understand and implement directly into their code – saving considerable time and money while helping to bring secure, high-performance software applications to market faster.

A few years back, PCI Security Standards Council (PCI SSC) launched an effort to create a new standard for software security in the payments industry and its supporting ecosystem. The emerging PCI Software Security Standards are the result of these efforts. The new documents are part of the PCI Software Security Framework which includes both Secure Software Lifecycle (Secure SLC or SSLC) Requirements and Assessment Procedures, otherwise known as the Secure SLC Standard and Secure Software Requirements and Assessment Procedures, otherwise known as the Secure Software Standard, which introduce objective-based standards into the software development process. The Software Security Framework also includes a third component, the Validation Program, which is expected to be released mid-2019. This is a program for software vendors to validate how they can properly manage the security of payment software throughout the entire software lifecycle.

Rohit Sethi, COO of Security Compass, served as a community member and expert contributor to the Council’s Software Security Task Force, bringing his first-hand experience in building security best practices and compliance standards into the software lifecycle as early as possible.

"Unlike almost every broad security standard and compliance framework today, the new PCI standards will treat the Secure SLC as a critical need that deserves comprehensive treatment," said Rohit Sethi, COO of Security Compass. "The depth of requirements will be closer to what we see in software security-specific maturity models and standards like BSIMM, ISO 27034 or NIST 800-64, far beyond the more commonly-adopted security standards, like ISO 27001/2 and NIST Cybersecurity framework. This is a bold step by the PCI SSC and one that will ensure robust software security measures are embraced by the entire partner supply chain and embedded throughout the development process."

Few companies today describe themselves as being sufficiently mature to adhere to a Secure SLC framework.  Other industries with mission-critical applications will go on to be dangerously liberal with their software security standards. The new PCI Software Security Standards raise the bar for other industries to follow, and they force companies in the payments industry to design, develop, and maintain software that protects the integrity of payment transactions; guards against sophisticated forms of fraud that permeate e-commerce; and safeguards the confidentiality of all sensitive data collected in association with payment transactions.

The following is a list of key features and specific functionality offered by SD Elements that can help with PCI compliance:

  • Compliance: A knowledge base of actionable tasks and requirements for PCI compliance as well as multiple other compliance standards.
  • Enterprise Ready: Integrations fit with any development environment.
  • Automated Threat Modeling: Streamlines the process by automating the identification of domain-agnostic threats, allowing development teams to focus on higher-level analysis.
  • Just-in-Time Training: Computer-based e-learning modules for developers that are relevant to their work tasks and delivered at the exact moment they are needed.
  • Force Multiplier for Security Architects and Privacy Engineers: Allows experts to accomplish more by automating part of their current workflow, allowing them to better attend to product, feature, and sprint planning.
  • Shift Left and Build Security In: Identifies and eliminates application security vulnerabilities earlier on in the software development lifecycle.

To learn more about SD Elements and how it can facilitate compliance with the new PCI Software Security Standards, download the new guide by Security Compass here.

About Security Compass
Security Compass is a leader in helping organizations proactively manage cybersecurity risk in their mission-critical software without slowing down business. Through its tailored DevSecOps solutions, its award-winning policy-to-procedure platform, SD Elements, and its verification services, which include penetration testing, threat modeling, and red teaming, Security Compass helps organizations efficiently deliver software that’s secure by design. The company serves some of the world’s largest enterprises, including 16 of the largest financial institutions in North America, South America, and Asia, as well as four of the largest tech companies in the world. Security Compass is privately held and headquartered in Toronto, Canada with global offices in the United States and India. Follow Security Compass on Twitter @securitycompass or visit https://www.securitycompass.com/.


Tags: North America, English