SIGs are PCI community-led initiatives that address specific areas or security challenges in relation to the PCI standards. Participating organizations and members of the assessment community can submit ideas by filling out the online form on the SSC website, beginning June 1 and running through July 25.
Results of SIG collaboration and PCI community participation to date include: EMV, wireless, virtualization, tokenization, risk assessment, e-commerce and cloud computing guidance papers.
For instance, PCI SSC earlier this year released mobile security guidance for merchants, focused specifically on the payment software that operates on these devices. The PCI Mobile Payment Acceptance Security Guidelines for Merchants are designed to educate merchants on what is needed to isolate and prevent card data from exposure.
SIG projects underway now focus on third-party security assurance and best practices for maintaining PCI DSS Compliance. These groups will present updates at the annual PCI Community Meetings, and then will publish the final papers by early 2014.
“The real value in SIGs is that they are driven by the community at large,” said Bob Russo, general manager for the PCI SSC, in a statement. “The ideas come from those who are living and breathing payment card security every day, representing a variety of industries and job functions.”
He added, “Some of our most useful resources are products of these groups’ work. I’m excited to see what the community decides to explore in the coming year.”
At the close of the submission period on July 25, the PCI Council will review and consolidate the list of proposals to be presented by participating organizations and assessors to their peers at the group’s community meetings. The council will then notify the candidates and work with them to create a SIG charter prior to the presentations, to outline a clear understanding of the suggested topic and deliverables. In November, participating organizations can vote in the SIG election, choosing up to three projects they would like the community and council to pursue in partnership over the coming year.