FY 22 Payment Card Industry Data Security Standard Compliance Steering Committee Report

Fiscal Year 2022

Your Name (Point of Contact):

CARLOS LOBATO

Email (Point of Contact):

clobato@nmsu.edu

Authorizing body or official:

Chancellor

Type of Board:

Standing

Scope of Impact:

System

Board Purpose:

New Mexico State University (NMSU) operates within complex
regulatory environments that are constantly changing. The PCI
DSS Steering Committee (the Committee) was formally
established jointly by the University Controller’s Office and
Chief Information Officer (CIO) to recognize its role in assisting
the university with implementing and maintaining its
compliance program relating to PCI DSS industry standards,
which apply to NMSU since it accepts and processes payment
card payments.
The Committee’s primary function will be to provide
compliance oversight of PCI DSS requirements and to decide
the compliance priorities and order of business relating to
NMSU system-wide PCI DSS compliance, as well as to serve in
an advisory capacity to the University Controller and to the
Chief Information Officer, as they fulfill their roles and
responsibilities relating to guiding and monitoring business
operations in the NMSU system-wide cardholder data
environment (CDE).

Board Authority:

The Payment Card Industry Data Security Standard (PCI DSS) Compliance Steering Committee, under the authority of the Chancellor of New Mexico State University (NMSU), is currently reviewing PCI DSS compliance issues and processes in the NMSU system and addressing areas needing improvement.

Current Chair / Term Ends:

Carlos Lobato and Robert Doyle... ongoing terms

Describe the process for selecting the chair:

The Chief Information Security Officer (CISO) serves as co-chair. The Chief Privacy Officer serves as co-chair and runs the meetings to ensure compliance.

Incoming Chair / Term Begins (if applicable):

How are the chair and members appointed?:

Combination

Are members subject to a term appointment (three years or less)?:

No

What university function/office is responsible for future appointments?:

Chief Privacy Officer and IT Compliance Officer

What university office/function provides administrative support to this board or committee?:

ICT

How often will this board or committee meet?:

Monthly

Are there any requirements for the number of meetings to be held?:

No

In the past fiscal year, what accomplishments have been made? (if applicable):

This committee has been working to establish processes and oversees the completion of annual self-assessment questionnaires by the various NMSU merchant departments.