Mastercard will be introducing the PCI Software Security Framework (SSF) into Site Data Protection (SDP) Program Standards in Q1 2021. This means all merchants and service providers that use third party-provided payment applications or payment software must either validate that each one is compliant with the PCI Payment Application Data Security Standard (PA-DSS) or the PCI Secure Software Standard, as applicable. It is also strongly recommended that you and your service providers only use software vendors that comply with the PCI Secure Software Lifecycle (Secure SLC) Standard.
What you need to do:
It is strongly recommended that you and your service providers only use software vendors that comply with the PCI Secure Software Lifecycle (Secure SLC) Standard. Click for more on the position Visa and Mastercard take regarding PA-DSS and SSF.