The PCI Security Standards Council announced the latest slate of special interest groups that it will prioritize next year. Merchants, financial institutions, service providers and others voted on a variety of potential SIGs before settling on cloud, ecommerce security and risk assessment.
This is the first time SIG selection was put to a vote, and more than 500 were cast, close to a quarter of the SSC’s participating organizations, said Jeremy King, European director of the PCI SSC, who added that one-third of the votes cast came from outside North America.
PCI SIGs are essentially forums for feedback on topics that ultimately is turned into guidance for interpreting and implementing existing or new mandates to the standard, the SSC said in a release. This year, the SSC released guidance on tokenization, point-to-point encryption and virtualization.
SIGs are made up of merchants, payment processors and qualified security assessors. SIGs must complete their efforts and deliver a guidance document within one year.
This year, voters had seven potential SIGs to choose from, and were asked to select a top three. The seven, according to the Storefront BackTalk blog, were: administrative access to systems and devices; how to write a risk assessment; patch management; ecommerce guidelines; PCI in the cloud; small business and PCI; and managing hosted service providers.