Application Containers & Microservices

PCI Information Supplement: Guidance for Containers and Container Orchestration Tools

  • 1.  PCI Information Supplement: Guidance for Containers and Container Orchestration Tools

    Posted Sep 23, 2022 05:44:00 AM
      |   view attached
    Hi All,

    PCI Standards Security Council just issued Information Supplement: Guidance for Containers and Container Orchestration Tools

    This document provides guidance for the secure use of containers and container orchestration tools in a payment environment. To contextualize container orchestration tool-specific threats and best practices in a way that is meaningful to PCI stakeholders, this document presents best practice controls of common container use cases. Through this approach, this guide will benefit merchants, service providers, and assessors in understanding how controls may be applied to securing various containerized environments.

    The guidance in this document is structured in three parts:
    1. A high-level description of containers and container orchestration tools.
    2. A list of threats, and the best practice controls intended to address them, identified by common container orchestration use cases.
    3. Use case descriptions and example threats to illustrate the application of specific best practices. This document provides supplemental guidance which does not add, extend, replace, or supersede requirements in any PCI Security Standards Council (PCI SSC) standard. The PCI SSC is not responsible for enforcing compliance with any of its standards. Entities and third-party service providers should work with their acquirers and/or payment brands to understand any compliance validation and reporting responsibilities.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------