PCI Security Standards Council®

Special Interest Groups


2016 SIG Confirmed

The Council would like to thank all who participated in the 2016 SIG selection process, as well as the many individuals and organizations who submitted SIG proposals this year. Through the election process, the PCI community of Participating Organizations chose Best Practices for Safe-E-Commerce.

This topic will be the next PCI Special Interest Group project undertaken in 2016. The new group will commence in January and the deliverables are expected to be published at the end of 2016.

Council SIG leads will finalize the group Terms of Reference, which defines the precise scope of work of the group. The SIGs will begin regular meetings and SIG work in January. If you are interested in participating in the new SIG in 2016, please register below to express your interest in joining the group. Registrations will be processed before the start of the SIGs in January.

Register

2015 Projects

Effective Daily Log Monitoring

Purpose

Provide guidance and techniques to improve daily log monitoring to meet PCI DSS requirements, including available tools and examples/evidence from recent breaches.

Status

The Effective Daily Log Monitoring SIG is working to finalize the Information Supplement and is targeting publication in Q1 2016. For more information on the SIG’s Terms of Reference, please visit the PO Portal.

Managing Shared Responsibilities with Third Party Service Providers

Purpose

Develop guidance on how to accurately report shared responsibilities between assessed entities and their third party service provider(s) to ensure the understanding of the scope of the services provided, as well as both parties' shared responsibilities.

Status

The Shared Responsibilities SIG is working to finalize the Information Supplement and is targeting publication in Q1 2016. For more information on the SIG’s Terms of Reference, please visit the PO Portal.

* PCI Council Members are defined as PCI SSC Staff, Payment Brands, Affiliate Members or Strategic Members.

Frequently Asked Questions

Who can form a SIG? How can I propose one?

Any Participating Organization (PO), Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), or PCI Council Member* is invited to propose a Special Interest Group during an open proposal period that runs between June and July each year.

If you have any specific questions about the SIG proposal process, please email sigs@pcisecuritystandards.org.

Who will lead the SIGs?

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration will free SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This also ensures greater alignment between SIG volunteer contributions and PCI SSC direction.

How will SIGs be chosen?

Ultimately, SIGs will be chosen directly by the Participating Organization membership that represents merchants, financial institutions and payment processors - the organizations that are implementing PCI Standards.

After the close of the SIG proposal period, a selected list of proposals will be drawn up by PCI SSC. This process is aimed at consolidating any overlapping proposals and ensuring shortlisted proposals are focused on areas the Council can commit to supporting in the coming year.

Video presentations on selected SIG proposals will be available for review at the North American and European Community Meetings and also on the PCI SSC website. After viewing the videos, Participating Organization Business Contacts will vote via an electronic ballot in the PO Portal, to determine which proposals will be supported by PCI SSC.

What are some of the areas that SIGs have covered in the past? What topics are appropriate for SIG projects?

Topics covered by SIG collaboration and PO participation to date include the following and are available in the Documents Library

SIG work may provide clarification on specific requirements within a PCI Standard, examine how PCI Standards work within any given industry or environment, or any other area that supports the Council's mission of raising awareness and increasing adoption of PCI Standards. Since the Council is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.