AGENCY:

U.S. Small Business Administration.

ACTION:

Notice of meeting minutes.

SUMMARY:

The SBA is issuing this notice to publish meeting minutes for the Small Business Information Security Task Force Meeting.

DATES:

1 p.m., Wednesday, December 8, 2010.

ADDRESSES:

The meeting was held via teleconference.

SUPPLEMENTARY INFORMATION:

Pursuant to section 507(i)(4)(A) of the Credit Card Accountability Responsibility and Disclosure Act of 2009, SBA submits the meeting minutes for the third meeting of the Small Business Information Security Task Force. Chairman, Rusty Pickens, called the meeting to order on December 8, 2010 at 1 p.m. Roll call was taken and a quorum was established. Mr. Pickens reported on developments since the last meeting, noting first that comments received on the draft work plan had been incorporated to add new subject areas for academics and technology. Also, Mr. Erdle had prepared a one page document describing available technical certifications for small businesses that he provided to Mr. Pickens as a starting point for collating data on security certification and training. Mr. Pickens undertook to provide the document to the group in advance of the next meeting for review and discussion at the meeting. Subsequently, Mr. Pickens reported on his telephone conversation with Mr. Bob Russo of the PCI Security Standards Council (PCI SSC) to explore the possibility of having Mr. Russo brief the Task Force on the Council's work, and of having the PCI SSC conduct a webinar for the Task Force in the Spring of 2011 on credit card security issues for small businesses. The group then engaged in an open discussion regarding the collection and organization of the data to be included in the Task Force report. Additional subject areas were proposed for potential inclusion, such as government contracting security requirements, protection of customer privacy, and security certification and training applicable to both small business employees and contractors.

Ms. Marx noted that as the Task Force objective originated from the Credit Card Act, a useful starting point for reviewing information available to assist small merchants would be the Payment Card Industry Security Standards, which lay out the requirements for protecting credit card data. The group endorsed Mr. Pickens' proposal for a PCI Standards briefing and webinar; in addition, Ms. Marx offered to provide the group with a link to the PCI SSC's recently launched small business website dedicated to online credit card security.

Before concluding the meeting, the group discussed next steps in organizing the work plan. Mr. Pickens asked for volunteers to adopt each of the broad subject matter categories already identified by the group and to flesh them out with more detail for review at the next meeting Members duly volunteered for certain identified subject areas and Mr. Pickens agreed to suggest other members to accept Start Printed Page 5233responsibility for the remaining areas at a later date.

The next meeting date was determined before the meeting was adjourned at 1:49 p.m.

FOR FURTHER INFORMATION CONTACT:

Rusty Pickens, Special Consultant to the Office of the CIO, U.S. Small Business Administration, Rusty.Pickens@sba.gov.