PCI Secure Software Framework Adoption Tracker

I’ve written elsewhere about the initial uptake of the PCI Secure Software Framework. We’re rapidly approaching the point in time where the PCI PA-DSS will close for new submissions, and the PCI SSF will be the only show in town for PCI software vendors.

This page will be updated on approximately a monthly basis, to track adoption of the new standard over time. The initial update is for January 2021, since 2021 is the first full year these standards are in operation. What I would expect over the next 6-9 months is a significant uptick in registrations after June. It’s been known for some time that the old PA-DSS is being would down, and so it’s reasonable to expect that organizations are currently going through SSF assessments for existing software.

Without access to private data at various assessor companies it’s hard to gauge exactly how the SSF rollout is going at this point. But by tracking month on month I hope to provide some visibility into this.

Tracking Data

The following data is collected mid-month, every month. That’s enough to illustrate the underlying rates of adoption over time.

MonthSecure SLCPayment Software

Mid-2021 Comments

As of mid-2021, it’s clear that rates are still very low in terms of companies and solutions validated as compliance. What we don’t know from this data is whether there are few or many currently undergoing assessments. That should become clear over the next few months.