Special Interest Groups
2021 SIG: Best Practices for Container Orchestration
Containerization is an increasingly popular operating system virtualization methodology that allows for the creation of what are known as “containers”. Containers can be used for various needs, such as microservices, batch processing, application portability, platform as a service (PaaS), and many others. Container orchestration tools provide a means of automating the provisioning, deployment, management, scaling and security of containers throughout their lifecycle. The goal of the SIG is to provide guidance for companies on how to enhance security when using container orchestration tools in their virtual or cloud infrastructure. This guidance will include an overview of container orchestration tools as well as a breakdown of payment industry considerations for critical components of typical system implementations.
SIGs are community-driven initiatives that play a key role in the development of resources for the payment card industry. Involvement in a SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.
To be successful, SIGs require active participation and contributions from their stakeholders. SIG participants are expected to be actively involved and contribute during scheduled calls, sharing their expertise and experience in container platforms and technologies, container lifecycle management, virtualization management, cloud architecture and management, security considerations for container deployments, and related fields.
Special Interest Group (SIG) Proposals FAQ
Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), Software Security Framework (SSF) Assessors, Founding Members, Strategic Members, and Affiliate Members may propose a Special Interest Group during the proposal period.
A PCI SSC representative chairs, leads and project manages SIG work. This collaboration allows SIG volunteers to focus on contributing subject matter expertise and developing content, without responsibility for logistical matters. This structure also ensures continued alignment between SIG contributions and PCI SSC direction.
While PCI SSC provides support and facilitates the SIG process, it is the active participation and contributions by stakeholders that make a SIG successful. Participating in the SIG process, whether submitting a proposal, voting for a proposal, or serving as a lead contributor to a SIG deliverable, is one of the best ways PCI stakeholders can take part in our mission to increase payment data security globally.
SIG topics are proposed and chosen by the Participating Organization membership, which represents merchants, financial institutions, vendors, associations, and payment processors. This ensures that the stakeholders involved in implementing and supporting the PCI Security Standards can select which SIG projects would be most beneficial to their needs.
SIG topics may be proposed during a defined submission period. At the close of the submission period, SIG proposals are consolidated and presentations are prepared for Participating Organizations to review via the PCI portal. An election period is then initiated for Participating Organizations to vote on their preferred SIG topics. After voting is concluded, the PCI SSC shares the results and works with the selected group to create a charter for the new SIG.