Schellman listed as one of the first PCI Software Security Framework Assessors

Jacob Ansari

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

For information about the PCI SSF, please contact pci@schellman.com.

About the Author

Jacob Ansari is a Senior Manager at Schellman & Company. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS, P2PE, and 3DS. Jacob's career spans nearly 20 years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and assessment of cryptographic systems. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS.
More Content by Jacob Ansari

Return to Home

Welcome to our Hub

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Most Recent Articles

The secret to a flawless, stress-free SOC examination experience? Utilizing your company's internal audit team. Schellman's Edward Delgado provides an overview of this invaluable resource.

Cyber-attacks are increasing in frequency and magnitude, and the utilities sector is not immune. In part 1 of our EnergyTech series, we explore how the industry could benefit from cloud computing.

Schellman's John Cartwright, who always had a love of writing, started as a reporter and eventually found his way to IT assessments and auditing. He shares his story.

In our three-part EnergyTech series, we'll be exploring how modern amenities and the electrical systems that power them remain susceptible to cyberattacks, and solutions for keeping them protected.

Small actions made by a lot of people equals a big change. Schellman's Matt Hite offers ideas for how to get involved to help preserve and protect our planet.

For seasoned penetration testers who want to become a true web app exploit guru, OSWE certification delivers. Schellman's Nathan Rague provides an exam guide to help aspiring candidates prepare.

Eureka, Kansas may seem an unlikely hometown for a future tech pro, but Brett Hayes seized opportunities from an early age, eventually finding his way to Schellman and freedom to be his authentic self

As GDPR celebrates its second birthday, we take a closer look at how our views of privacy awareness and data protection have shifted.

The Office for Civil Rights (OCR) recently announced two HIPAA settlements that offer lessons for covered entities regarding right of access and failure to notify after a breach.

In honor of Father's Day, Schellman's Matt Dougher shares his story of how he and daughter Barrett draw determination from each other, and push each other toward achievement, through good and bad.

Schellman & Co Threat & Vulnerability Assessment Manager Josh Tomkiel discusses the lengths phishers will go to when trying to lure people to fraudulent websites during tax season.

June is Pride Month, a time that encourages everyone to be who they are without apology and promote acceptance and support within the LGBTQ+ community. Festivities are different this year but possible

Though cheating remains an important issue that is necessary to curb, data breaches are an even more repercussive danger looming in the shadows of the gaming industries

For AAPI heritage month, Schellman's Anna Tseng recognizes Asian Americans as instrumental in driving the US toward success, and as a culture, their resiliency during times of hardship.

As we all have discovered in recent weeks the world can change quickly, both personally and professionally. Compliance may be the last thing on your mind, but it is more important than ever.

For any penetration testing engagement, internet-facing services are an important part, and there are multiple ways to obtain information before determining if they are vulnerable to exploitation.

May is Asian and Pacific Islander American Heritage Month. Schellman's Danny Manimbo shares a tribute to his father, who taught him valuable lessons in hard work and to strive for greatness daily.