Press Release

ControlScan Becomes One of the First PCI Software Security Framework Assessor Companies

Expanded application security assessment services give ControlScan customers more flexibility and increased software security      

PCI Software Security - SSF Secure Software Validation Services by ControlScanATLANTA, Mar 18, 2020 - ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has become one of the first Software Security Framework Assessor companies to be listed by the PCI Security Standards Council.

Software vendors for point-of-sale, middleware, payment switches, kiosks, shopping carts, call centers, fuel dispensers, and other transaction-related applications who validate according to the new SSF program can benefit from its streamlined process that supports efficient and agile code releases and defends against constantly evolving security attacks.

“The Software Security Framework really has changed the game for application security,” said Sam Pfanstiel, Director of Security Consulting Services, ControlScan. “The new set of standards is much more streamlined to accommodate today’s accelerated software lifecycle, because it supports the latest software integrity testing technologies while also giving significant consideration to the maturity of the vendor’s application design, development and management practices.”

ControlScan assessors are qualified to test for both secure software lifecycle (Secure SLC) and Secure Software. A combined assessment methodology enables quick and confident evidence collection and testing for listing as a Secure SLC Qualified Vendor and/or Validated Payment Software. In addition, these certifications work together to assure merchant and acquiring customers that such software will support their own PCI DSS compliance.

“We recommend the combined audit approach, since companies listed as Secure SLC Vendors can now self-attest to low-impact application changes without undergoing a third-party audit,” Pfanstiel said. “This can significantly reduce their time-to-market for software enhancements.”

The company’s SSF advisory services also support gap analyses against either or both assessment types, providing a clear path to compliance and listing under the new SSF program. In addition, ControlScan can produce white papers that detail the impact of a company’s SSF compliance to support its customers' PCI compliance.

The new SSF program will fully replace the Council’s Payment Application Data Security Assessor (PA-DSS) program by 2022, but ControlScan encourages eligible entities to utilize it now. For more information about ControlScan’s Software Security Framework validation services, please click here.

About ControlScan                                                  

ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit