DevOps.com


What Is PA-DSS?

By: Mitch Ashley on January 11, 2021

If you develop payment application software, you must ensure that it is secure and compliant with PA DSS. Read on to learn more about the payment application security standard.


What You Need to Know About PA DSS

The Payment Application Data Security Standard (PA DSS) is a part of PCI DSS and is a global security standard. PA DSS applies to the development of payment application software. What’s more, if you are a software vendor that makes and sells payment applications, you must comply with PA DSS. This is to ensure the security of all of your software components. Compliance is essential because if you do not comply, you could receive massive fines.

Important Requirements for PA DSS Compliance

The PA DSS requirements apply to the storing, processing and transmitting of cardholder data and sensitive authentication data. There are 14 requirements that every organization that handles credit card information must follow:

  1. Do not retain full track data, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data.
  2. Protect stored cardholder data.
  3. Provide secure authentication features.
  4. Log payment application activity.
  5. Develop secure payment applications.
  6. Protect wireless transmissions.
  7. Test payment applications to address vulnerabilities and maintain payment application updates.
  8. Facilitate secure network implementation.
  9. Cardholder data must never be stored on a server connected to the internet.
  10. Facilitate secure remote access to payment applications.
  11. Encrypt sensitive traffic over public networks.
  12. Secure all non-console administrative access.
  13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators.
  14. Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators.

The Steps to Achieve PA DSS Compliance

There are five simple steps to comply with PA DSS:

  1. Comply with Requirement 5, which outlines the process for how to develop secure payment applications.
  2. Apply coding standards, such as OWASP, CWE, and CERT.
  3. Train developers in secure coding.
  4. Use a SAST tool to enforce PA DSS requirements automatically.

To read more, please visit: https://www.perforce.com/blog/kw/what-is-pa-dss
