Special Interest Groups

Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), Software Security Framework (SSF) Assessors, Founding Members, Strategic Members, and Affiliate Members may propose a Special Interest Group during the proposal period.

If you have any questions about the SIG proposal process, please contact sigs@pcisecuritystandards.org.

Special Interest Group (SIG) initiatives focus on specific payment security technologies or challenges about which the PCI community wants to provide guidance. Recent SIG topics include: Guidance for Containers and Container Orchestration Tools,  Cloud Computing, Best Practices for Securing E-Commerce, Third-Party Security Assurance, Best Practices for Maintaining PCI DSS Compliance, Protecting Telephone-based Payment Card Data, and PCI DSS for Large Organizations.

SIG initiatives may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within a given industry or environment, or cover any other area that supports PCI SSC’s mission of raising awareness and increasing adoption of PCI Security Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG.

SIG topics are chosen by the PCI SSC Participating Organizations, which represent merchants, financial institutions, vendors, associations, and payment processors. This ensures that the stakeholders involved in implementing and supporting the PCI Security Standards can select which SIG projects would be most beneficial to their needs.

SIG topics may be proposed during a defined submission period. At the close of the submission period, SIG proposals are consolidated, and presentations are prepared for Participating Organizations to review via the PCI portal. An election period is then initiated for Participating Organizations to vote on their preferred SIG topics. After voting is concluded, PCI SSC announces the results and works with the selected group to create a charter for the new SIG.

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration allows SIG volunteers to focus on contributing subject matter expertise and developing content, without responsibility for logistical matters. This structure also ensures continued alignment between SIG contributions and PCI SSC direction.

While PCI SSC provides support and facilitates the SIG process, it is through active participation and contributions by stakeholders that make a SIG successful. Participating in the SIG process, whether submitting a proposal, voting for a proposal, or serving as a lead contributor to a SIG deliverable, is one of the best ways PCI stakeholders can take part in our mission to increase payment data security globally.

At the close of the submission period, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal.

The SIG election will be run via the PO portal from Monday, 6 February through Friday, 17 February 2023. Participating Organizations will be able to select and prioritize a minimum of two and a maximum of three SIG proposals.  Upon completion of the election process, the results will be announced and PCI SSC will provide information about the launch of the new SIG.