Check the compliance of your code against the just released PCI DSS v4.0 standard with Sigrid® | Software Security


Just days after the launch of the new PCI DSS v4.0 standard, the Sigrid® | Software Assurance platform features support for understanding whether your application safely deals with payment card data or whether known vulnerabilities put you at risk. The 12 control objectives of the updated standard not only specify security measures to be taken in governance and processes, but also in the practical implementation of the applications and systems hosting and handling this privacy-sensitive data. SIG, a long-time proponent of managing product quality, has incorporated the new version of the PCI DSS standard in its Sigrid® | Software Assurance platform. With this addition, users can now easily check the compliance of their applications' source code against the control objectives and get the insight needed to remove blocking and at-risk code implementations.

Today’s digital world can be a hazardous place. Luckily there is ample guidance in terms of security guidelines, models and certifications that help us get security right. The most recent update comes to us from the payments industry: the PCI Data Security Standard (v4.0) [1]. It aims to help us by providing technical and operational control objectives designed to protect account data and reduce the risk to debit and credit card data [1]. The standard itself describes a total of 12 control objectives, specifying how to protect and secure payment data during processing, handling, storage and transmission.

What does the PCI DSS bring me?

PCI DSS is an information security standard for organizations that process credit card payments. Organizations in this industry have until Q1 2025 to fully comply with the 12 control objectives as defined in the new version of the standard [2]. Based on our 22 years of experience with evaluating and benchmarking software implementations, SIG underlines the importance of the product quality of the applications handling the card payment data. Although no one can predict the unknown, companies should at least be able to easily detect and discover whether their implementation contains vulnerabilities for which solutions already exist.

Sigrid® is here to help you carry the burden

Whether it is to assist companies in working towards their PCI DSS certification, or only to ensure basic conformity with secure data handling for those who do not pursue the full certification, SIG has chosen to incorporate the PCI DSS standard into its platform. Sigrid® now offers a clear overview of the known vulnerabilities in your application, structured according to the 12 PCI DSS control objectives. It allows companies:

  • To quickly understand their risk exposure based on vulnerabilities in code and libraries;
  • To prioritize effort and work to be done based on the severity of the vulnerabilities;
  • To track whether during normal operations new or additional vulnerabilities are introduced.

Better yet, Sigrid® offers this insight as part of a platform that brings a holistic view of the code implementation to the fingertips of various stakeholders in the organization. Both the CISO and the developer are able to understand where they stand and how much work still needs to be done to reach compliance. This matters because quality characteristics affect each other: software security does not stand alone, but is impacted by the technical quality of the implementation. Next to knowing how secure your implementation is and which vulnerabilities it contains, being able to update and change your code in a fast and agile manner is the second most important thing when dealing with vulnerabilities.

The Sigrid® | Software Assurance platform can help organizations in the financial services industry to transition from the old PCI DSS v3 requirements for software to the new PCI DSS v4 control objectives. With Sigrid®, organizations can perform a quick scan of their software portfolio as a gap analysis of where in the landscape they lack compliance with the new standard. If you have already run into the PCI DSS update and are not sure whether your software is ready for it, Sigrid® is the easiest way to start and get you in the know.

Want to see how Sigrid® can help you with checking your IT portfolio on compliance? Or how the platform assists you in your journey towards certification? Contact us and we’re happy to show you!

[1] https://www.pcisecuritystandards.org/about_us/press_releases/pr_03312022

[2] https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0