
Special Interest Groups

2015 SIG Election - 13-24 October 2014

PCI Participating Organizations are invited to participate in the 2015 Special Interest Group (SIG) elections to choose the projects that the Council will pursue as SIGs in 2015. Please visit the PO portal to review the proposals for consideration and vote for your top three topic selections. Participating Organizations have from 8:00 a.m. EDT on 13 October 2014 until 11:59 p.m. EDT on 24 October 2014 to register their votes.

2015 SIG Proposal Topics:

  • Cryptographic Keys and Digital Certificate Security Guidelines
  • Guidance on Determining Shared Responsibilities for Interrelated Third Party Services
  • Guidance on Effective Daily Log Monitoring
  • Guidance on Network Virtualization
  • Guidance on PCI DSS Assessments of Mainframe Environments
  • Unattended Security Guidance for ATMs, Vending and Pay at the Pump
  • Working Forum for Securing Retail Locations

Winners of the election will be announced in early November, with SIGs to officially commence in January 2015.

Note: As a reminder, assessors and scanning vendors are invited to propose or join SIGs, but the election process is reserved for POs only. This is designed to ensure that merchants, financial institutions and processors who are involved in implementing the PCI Standards are the focus of an election that will give them the direct choice of which projects would be most beneficial to their needs.

Ready to vote? Cast your ballot here!*
*The Participating Organization Business Contact will be the only person with the ability to access the ballot and will submit a vote on behalf of the entire company.

2014 SIG Projects

Purpose
The purpose of this SIG is to update the PCI DSS Information Supplement: Requirement 11.3 Penetration Testing document released in 2008.

Status
The Penetration Testing Guidance SIG is working to finalize the Information Supplement and is targeting publication in Q1 2015. For more information on the SIG's Terms of Reference, please visit the PO portal.

The purpose of this SIG is to provide guidance to organizations looking to implement a formal security awareness program to satisfy PCI DSS Requirement 12.6.

Status
The Security Awareness Program SIG is working to finalize the Information Supplement and is targeting publication by the end of 2014. For more information on the SIG's Terms of Reference, please visit the PO portal.

2013 SIG Projects

Status
The PCI DSS V3.0 Best Practices for Maintaining PCI DSS Compliance SIG guidance document was published in August 2014. Please visit the Documents Library on our website to review the published document.

Status
The Third-Party Security Assurance SIG guidance document was published in August 2014. Please visit the Documents Library on our website to review the published document.

Special Interest Group participants have made significant contributions to the development of Council Standards, tools and educational resources over the years. The Council recognizes and thanks the many SIG volunteers and their contributions. Outcomes of SIG collaboration and PO participation to date include:

For more information about PCI SSC SIGs, please review the questions on this page or feel free to email us at sigs@pcisecuritystandards.org.

SIG Frequently Asked Questions

Any Participating Organization (PO), Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and PCI Council Members are invited to propose a Special Interest Group during an open proposal period that ran between 2 June and 7 July 2014.

If you have any specific questions about the SIG proposal process, please email sigs@pcisecuritystandards.org.

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration will free SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This also ensures greater alignment between SIG volunteer contributions and PCI SSC direction.

Ultimately, SIGs will be chosen directly by the Participating Organization membership that represents merchants, financial institutions and payment processors - the organizations that are implementing PCI Standards.

After the close of the SIG proposal period, a selected list of proposals will be drawn up by PCI SSC. This process is aimed at consolidating any overlapping proposals and ensuring shortlisted proposals are focused on areas the Council can commit to supporting in the coming year.

Presentations from POs, QSAs, ASVs, and PCI Council Members on selected SIG proposals will be given at the North American and European Community Meetings. After the Community Meetings, Participating Organization Business Contacts will vote via an electronic ballot to determine which proposals will be supported by PCI SSC.

Topics covered by SIG collaboration and PO participation to date include the following and are available in the Documents Library

SIG work may provide clarification on specific requirements within a PCI Standard, examine how PCI Standards work within any given industry or environment, or any other area that supports the Council's mission of raising awareness and increasing adoption of PCI Standards. Since the Council is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.



The PCI Security Standards Council (the "Council") provides a range of tools, questionnaires, guidance, frequently asked questions, training resources, and other materials and information to assist organizations seeking compliance with its standards (the "Standards"). Third-party products and services are also available, but the Council does not endorse or recommend such third-party products or services, and recommends that all organizations seeking compliance with the Standards familiarize themselves with the Standards and their related requirements before purchasing third-party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether, or which, third-party products or services are used.