Special Interest Groups

Special Interest Groups

Special Interest Groups (SIGs) are community-driven initiatives that play a key role in the development of resources for the payment card industry. Involvement in a SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.

Following the Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2023 is “Scoping and Segmentation for Modern Network Architectures” as the focus for the year ahead. The objective is to develop guidance to support the secure, consistent, and accurate PCI DSS scoping and segmentation practices for modern network architecture. For more information, please read our blog post.

The new SIG is scheduled to launch in April 2023. The Council is seeking participants that can provide expertise and share experience in cloud technologies, cloud security practices, zero-trust architectures/networks, micro-segmentation, software-defined networks, service meshes, and PCI DSS. Participation in the SIG is open to all PCI Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), and Software Security Framework (SSF) Assessors. The Council invites those who are interested in getting involved in this SIG project to register.

Special Interest Group (SIG) Proposals FAQ

Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), Software Security Framework (SSF) Assessors, Founding Members, Strategic Members, and Affiliate Members may propose a Special Interest Group during the proposal period.

If you have any questions about the SIG proposal process, please contact sigs@pcisecuritystandards.org.

Special Interest Group (SIG) initiatives focus on specific payment security technologies or challenges about which the PCI community wants to provide guidance. Recent SIG topics include: Guidance for Containers and Container Orchestration Tools Cloud ComputingBest Practices for Securing E-CommerceThird-Party Security AssuranceBest Practices for Maintaining PCI DSS ComplianceProtecting Telephone-based Payment Card Data, and PCI DSS for Large Organizations.

SIG initiatives may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within a given industry or environment, or cover any other area that supports PCI SSC’s mission of raising awareness and increasing adoption of PCI Security Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG.

SIG topics are chosen by the PCI SSC Participating Organizations, which represent merchants, financial institutions, vendors, associations, and payment processors. This ensures that the stakeholders involved in implementing and supporting the PCI Security Standards can select which SIG projects would be most beneficial to their needs.

SIG topics may be proposed during a defined submission period. At the close of the submission period, SIG proposals are consolidated, and presentations are prepared for Participating Organizations to review via the PCI portal. An election period is then initiated for Participating Organizations to vote on their preferred SIG topics. After voting is concluded, PCI SSC announces the results and works with the selected group to create a charter for the new SIG.

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration allows SIG volunteers to focus on contributing subject matter expertise and developing content, without responsibility for logistical matters. This structure also ensures continued alignment between SIG contributions and PCI SSC direction.

While PCI SSC provides support and facilitates the SIG process, it is through active participation and contributions by stakeholders that make a SIG successful. Participating in the SIG process, whether submitting a proposal, voting for a proposal, or serving as a lead contributor to a SIG deliverable, is one of the best ways PCI stakeholders can take part in our mission to increase payment data security globally.

The 2023 SIG topic was announced on 15 March 2023 and is scheduled to start in April 2023. The Council invites those who are interested in getting involved in this SIG project to register HERE.