SDL and PCI DSS/PA-DSS - Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity

  • Version: 1
  • File Name: SDL and PCI DSS_PA-DSS.docx
  • Date Published: 2/11/2011
  • File Size: 1.6 MB

      This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). PCI DSS is an industry-accepted standard authored and approved by the PCI Security Standards Council (PCI SSC). The PCI DSS includes several requirements that align closely with SDL practices. In addition, PA-DSS also mandates SDL-like controls for licensed or distributed third-party applications. Two primary scenarios where software security intersects with the PCI DSS and PA-DSS requirements are addressed in this paper—the development of new payment card software and the integration of payment card software into existing systems. The goal of the paper is to show business decision makers, systems integrators, and development organizations where existing PCI DSS compliance activities and SDL practices intersect in ways that may help them realize time, resource, or process efficiencies.
  • Supported Operating System: Windows 7, Windows Vista, Windows XP
