The objective is to develop guidance to support the secure, consistent, and accurate PCI DSS scoping and segmentation practices for modern network architectures. The SIG considerations will include:

- Determining the impact of zero-trust networks/architectures on PCI DSS scope and network segmentation.
- Defining PCI DSS scope boundaries in micro-segmentation and multi-cloud implementations.
- Developing and maintaining PCI DSS asset inventory for short-term, ephemeral environments.
- Identification of risks associated with implementation of modern network architectures due to configuration complexities.
- Guidance on specific requirements for verifying scoping and segmentation.

SIGs are community-driven initiatives that play a key role in the development of resources for the payment industry. To be successful, SIGs require active participation and contributions from their stakeholders. SIG participants are expected to be actively involved and contribute during scheduled calls.

The new SIG is scheduled to launch in April 2023. The Council is seeking participants that can provide expertise and share experience in cloud technologies, cloud security practices, zero-trust architectures/networks, micro-segmentation, software-defined networks, service meshes, and PCI DSS.

Participation in the SIG is open to all PCI Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), and Software Security Framework (SSF) Assessors.

The Council invites those who are interested in getting involved in this SIG project to register. If you would like to join the SIG, but are not yet a PCI Participating Organization, learn more about how to join.