Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2021. The Council’s Participating Organizations voted to select “Best Practices for Container Orchestration” as the focus for the year ahead.
Containerization is an increasingly popular operating system virtualization methodology that allows for the creation of what are known as "containers". Containers can be used for various needs, such as microservices, batch processing, application portability, platform as a service (PaaS), and many others. Container orchestration tools provide a means of automating the provisioning, deployment, management, scaling and security of containers throughout their lifecycle. The goal of the SIG is to provide guidance for companies on how to enhance security when using container orchestration tools in their virtual or cloud infrastructure. This guidance will include an overview of container orchestration tools as well as a breakdown of payment industry considerations for critical components of typical system implementations.
SIGs are community-driven initiatives that play a key role in the development of resources for the payment card industry. To be successful, SIGs require active participation and contributions from its stakeholders. SIG participants are expected to be actively involved and contribute during scheduled calls, sharing their expertise and experience in container platforms and technologies, container lifecycle management, virtualization management, cloud architecture and management, security considerations for container deployments, and related fields.
“Special Interest Groups continue to be critical forums for industry participation in payment security initiatives,” said Emma Sutcliffe, SVP Standards Officer, PCI Security Standards Council. “Active involvement in the SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.”
The new SIG is slated to kick off in February 2021. Participation in the SIG is open to all Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), and Software Security Framework (SSF) Assessors. The Council invites those who are interested in getting involved in this SIG project to register here.
If you would like to join the SIG, but are not yet a Participating Organization, learn more about becoming one here: Benefits of Becoming a Participating Organization.