PCI Security Standards Council®

2020 Special Interest Group

2020 SIG: Best Practices for Cloud Cryptographic Services

PCI SSC Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards.

Thank you to Participating Organizations that took part in the Special Interest Group (SIG) project selection process. Participating Organizations chose Best Practices for Cloud Cryptographic Services as our 2020 SIG initiative!

Involvement in the SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.

Participants are expected to actively participate and contribute on scheduled calls, as well as provide expertise and share experience in cloud technologies and infrastructure, cryptography, key management, HSMs, cloud-based cryptographic services, and PCI SSC Standards.

The new SIG will be commencing on Friday, 21 February 2020.

If you are a Participating Organization, QSA (including PA-QSA, P2PE QSA, 3DS Assessor and PFI), CPSA, QPA, ASV or Affiliate Member and would like to join this SIG, please click the ‘Register’ button below and complete the interest form.

Register Here

Special Interest Group (SIG) Proposals FAQ

Who can form a SIG? How can I propose one?

Any Participating Organization (PO) Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), or PCI Council Member* can propose a Special Interest Group during the open proposal period.

At the close of the submission period, PCI SSC reviews and consolidates proposals, and requests that SIG candidates provide presentations for Participating Organization to review via the PO Portal.

If you have any specific questions about the SIG proposal process, please email sigs@pcisecuritystandards.org.

* PCI Council Members is defined as PCI SSC Staff, Payment Brands, Affiliate Members or Strategic Members.

What are some of the areas that SIGs have covered in the past? What topics are appropriate for SIG projects?

Special Interest Group (SIG) initiatives focus on specific payment security challenges that the PCI community wants guidance on addressing. Recent SIG topics include: Cloud Computing, Best Practices for Securing E-Commerce, Third-Party Security Assurance, Best Practices for Maintaining PCI DSS Compliance, Protecting Telephone-based Payment Card Data, and PCI DSS for Large Organizations due to be released in late January 2020.

SIG work may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within any given industry or environment, or any other area that supports PCI SSC’s mission of raising awareness and increasing adoption of PCI Security Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict antitrust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.

Who leads the SIGs?

A PCI SSC representative chairs, leads, and project manages SIG work. This collaboration frees SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This also ensures greater alignment between SIG volunteer contributions and PCI SSC direction.

How are SIGs chosen?

SIGs are chosen directly by the Participating Organization membership that represents merchants, financial institutions, vendors, associations, and payment processors. This is designed to ensure that stakeholders involved in implementing and supporting the PCI Security Standards have, through a formal election process, direct input into the choice of projects that are most beneficial to their needs.

Our website uses both essential and non-essential cookies to analyze use of our products and services. This agreement applies to non-essential cookies only. By accepting, you are agreeing to third parties receiving information about your usage and activities. If you choose to decline this agreement, we will continue to use essential cookies for the operation of the website. View Policy

Powered By OneLink