Schellman listed as one of the first PCI Software Security Framework Assessors

Jacob Ansari

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

For information about the PCI SSF, please contact pci@schellman.com.

About the Author

Jacob Ansari is a Senior Manager at Schellman & Company. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS, P2PE, and 3DS. Jacob's career spans nearly 20 years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and assessment of cryptographic systems. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS.
More Content by Jacob Ansari

Return to Home

Welcome to our Hub

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Most Recent Articles

For AAPI heritage month, Schellman's Anna Tseng recognizes Asian Americans as instrumental in driving the US toward success, and as a culture, their resiliency during times of hardship.

As we all have discovered in recent weeks the world can change quickly, both personally and professionally. Compliance may be the last thing on your mind, but it is more important than ever.

For any penetration testing engagement, internet-facing services are an important part, and there are multiple ways to obtain information before determining if they are vulnerable to exploitation.

May is Asian and Pacific Islander American Heritage Month. Schellman's Danny Manimbo shares a tribute to his father, who taught him valuable lessons in hard work and to strive for greatness daily.

We’re living through the world’s latest pandemic. Guidelines from WHO alter normal life to preserve health but organizations and individuals are faced with another unprecedented concern—data privacy.

The PCI SSC has published blogs and guidelines for when remote work is necessary, including the Remote Assessments and the Coronavirus blog that focuses on conducting remote PCI Assessments.

Armed Forces Day has personal significance to Schellman & Co's Eric Espinoza, who joined the US Army nearly ten years ago and continues to serve as a commissioned Officer in the Army National Guard.

Need a comprehensive cloud computing control framework? Meet C5.

In our “new normal” most of us are still getting used to working from home. The prospect of staying home presented the chance to sneak in family time, tackling that to-do list, or taking up a hobby.

For years we’ve been functioning on the premise that frequently changing our passwords is a good thing. So much so that many corporations have made frequent password changes a mandatory activity.

While I have never served myself, the military has influenced so many aspects of my life. I feel appreciative for all they do to keep our country safe, and for the ways it has impacted me personally.

Most people have had exposure to deepfakes – that is, hyper-realistic audio, video, or images that have been altered using algorithms to make a subject appear to do or say something they did not.

Schellman & Company, a leading provider of attestation and compliance services, announced today that it has been officially certified as a Great Place to Work™ for the second year in a row.

Three Steps to Ensure Employee Safety during a Pandemic

Schellman & Company, LLC a leading provider of attestation and compliance services announced today that it has been named one of the 2021 Vault Accounting 50.

The Cybersecurity Maturity Model Certification (CMMC) has been a hot topic in the federal and defense contracting sector leading up to and since its formal release with v1.0 on January 31, 2020.

Tampa-based CPA firm Schellman & Company has become one of the first certification bodies to receive accreditation to perform accredited assessments against ISO/IEC 27701:2019.

April is now what has grown into National Autism Awareness Month (NAAM). The purpose of NAAM and World Autism Day is to foster understanding, support, and acceptance of autism while educating others.

Every industry has been forced to scale processes and adapt business models to maintain their foothold in a landscape thrown off by COVID19. At Schellman our FedRAMP 3PAO assessment process was ready.

The CCPA went live on January 1, 2020. The California Attorney General (AG) has issued the second and third versions of draft CCPA regulations, following two periods of public comment.