FY22 Payment Card Industry Data Security Standard (PCI DSS) Compliance Steering Committee | New Mexico State University

Fiscal Year 2022

Your Name (Point of Contact):	CARLOS LOBATO
Email (Point of Contact):	clobato@nmsu.edu
Authorizing body or official:	Chancellor
Type of Board:	Standing
Scope of Impact:	System
Board Purpose:	New Mexico State University (NMSU) operates within complex regulatory environments that are constantly changing. The PCI DSS Steering Committee (the Committee) was formally established jointly by the University Controller’s Office and Chief Information Officer (CIO) to recognize its role in assisting the university with implementing and maintaining its compliance program relating to PCI DSS industry standards, which apply to NMSU since it accepts and processes payment card payments. The Committee’s primary function will be to provide compliance oversight of PCI DSS requirements and to decide the compliance priorities and order of business relating to NMSU system wide PCI DSS compliance, as well as to serve in an advisory capacity to the University Controller and to the Chief Information Officer, as they fulfill their roles and responsibilities relating to guiding and monitoring business operations in the NMSU system wide cardholder data environment (CDE)
Board Authority:	The Payment Card Industry Data Security Standard (PCI DSS) Compliance Steering Committee under the authority of the Chancellor of New Mexico State University (NMSU) is currently reviewing PCI DSS compliance issues and processes at the NMSU system and addressing areas needing improvement.
Current Chair / Term Ends:	Carlos Lobato and Robert Doyle... ongoing terms
Describe the process for selecting the chair :	The Chief Information Security Officer (CISO) serves as co-chair. The Chief Privacy Officer serves as co-chair and runs the meetings to ensure compliance.
Incoming Chair / Term Begins (if applicable) :
How are the chair and members appointed?:	Combination
Are members subject to a term appointment (three years or less)?:	No
What university function/office is responsible for future appointments?:	Chief Privacy Officer and IT Compliance Officer
What university office/function provides administrative support to this board or committee?:	ICT
How often will this board or committee meet?:	Monthly
Are there any requirements for the number of meetings to be held?:	No
In the past fiscal year, what accomplishments have been made? (if applicable):	This committee has been working to establish processes and oversees the completion of annual self-assessment questionnaires by the various NMSU merchant departments.