This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS).
-
|
File name:
|
Date Published:
|
|
SDL and PCI DSS_PA-DSS.docx
|
2/11/2011
|
|
Version:
|
File size:
|
|
1
|
1.6 MB
|
This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). PCI DSS is an industry-accepted standard authored and approved by the PCI Security Standards Council (PCI SSC). The PCI DSS includes several requirements that align closely with SDL practices. In addition, PA-DSS also mandates SDL-like controls for licensed or distributed third-party applications.
Two primary scenarios where software security intersects with the PCI DSS and PA-DSS requirements are addressed in this paper—the development of new payment card software and the integration of payment card software into existing systems.
The goal of the paper is to show business decision makers, systems integrators, and development organizations where existing PCI DSS compliance activities and SDL practices intersect in ways that may help them realize time, resource, or process efficiencies.
-
Supported Operating System
Windows 7, Windows Vista, Windows XP
-
Popular downloads