From now through 31 October, PCI SSC Participating Organizations are invited to vote on proposals for 2018 Special Interest Group (SIG) projects.
Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards. SIGs bring together experts from across industries and around the world to address the topics that are most important to their payment security efforts, resulting in practical and relevant resources that help stakeholders apply PCI Standards to their organizations.
To vote, Participating Organization business contacts must log in to the PCI SSC portal to review the choices and select up to three projects. Please note that the business contact will be the only person with the ability to access the ballot and will submit a vote on behalf of the entire company.
Here is the list of SIG proposals to choose from:
- Update 2014 guidance (Best Practices for Maintaining PCI DSS Compliance), to assist entities in planning and managing ongoing adherence to PCI DSS requirements and to emphasize business-as-usual (BAU) processes, including key activities that may trigger different PCI DSS requirements to be reviewed.
- Create remote access guidance for POS vendors, automated fuel dispenser manufacturers and other third-party service providers for providing remote access to merchants.
- Update 2011 guidance (PCI DSS Virtualization Guidelines), considering the current state of virtualization technology, and including containerization, segmentation, and all types of virtualization environments.
- Update 2011 guidance (Protecting Telephone-based Payment Card Data) to include contact center/telephony solutions, including consideration of feedback received during the request for comments period and PCI SSC contributions, and incorporating relevant information from the 2011 Information Supplement.
- Create guidance for social engineering awareness and testing, including augmenting security awareness training and selecting qualified testing resources.
- Create guidance for PCI DSS cryptography and key management.
- Create guidance for machine identity protection, to identify the types of machine identities, risks and threats, and operational best practices. The SIG will also consider any suggestions relative to PCI DSS requirements for machine identities.
- Create guidance for incident response and first responders to outline and define processes, methodologies, and readiness steps for organizations to react appropriately to potential and actual security events.
SIG election results will be shared in November, after the voting concludes. PCI SSC will then work with those that are selected to create charters prior to the commencement of the new SIGs in early 2018.
Thank you for your participation. This kind of direct involvement by stakeholders is invaluable in our efforts to provide resources that help secure payment data.