PCI SSC announce new Information Supplement: Guidance for Containers and Container Orchestration Tools

Written by Foregenix | 9/20/22 12:29 PM

As part of its strategy, the PCI Security Standards Council (PCI SSC) encourages the creation of Special Interest Groups (SIGs) to promote collaboration between industry representatives, subject matter experts, the Participating Payment Brands, and the Council itself in developing practical payment security resources. These community-driven initiatives focus on payment security challenges related to PCI Security Standards. Foregenix assessors are proud to contribute to the SIGs by sharing knowledge with industry peers.

As a result of a SIG exercise, the new Information Supplement: Guidance for Containers and Container Orchestration Tools was published this week. Foregenix assessors were given the opportunity to share knowledge and contribute to building this guidance for the secure use of containers and container orchestration tools, which educates readers about threats and best practices in a way that is meaningful to PCI stakeholders in a payment environment.

The published guidance document is intended for use by merchants, service providers, and assessors. As a supplement to the PCI standards requirements, it provides entities with background knowledge, actionable guidance, and practical examples to assist in securing containerized systems against common threats.

As the PCI Security Standards Council stated in their announcement: 

“Organisations are increasingly adopting container technology to scale, secure, and rapidly deploy the applications used in their payment systems. While employing containers and container orchestration tools may be beneficial in terms of cost, performance, manageability, and security over traditional hardware-based deployment models, use of containers and container orchestration tools is not without security risks. Use case-based examples of some of the threats, and the use of the best practices to address those threats.” 

The Information Supplement is available in the PCI SSC portal.

About Foregenix

Since 2009, Foregenix has been qualified to deliver against all assessor programs, including PCI DSS, PA-DSS/PCI SSF, P2PE, PCI PIN, 3DS and Card Production (CPSA), PCI Forensic Investigation Services (PFI certified), across all 6 global regions. In addition to the PCI standards, Foregenix provides advisory and assessment services for SWIFT Customer Security Program, Security Testing (Internal, External, Web, Mobile and Cloud Application), Information Security Consultancy, Digital Forensics and Incident Response, and Risk Management. Foregenix is the leading advisory team on Point-to-Point Encryption, having assisted many of the world’s leading payment brands through their P2PE projects.

To view the Foregenix QSA company certificate, please visit the PCI Security Standards Council website: www.pcisecuritystandards.org

About the PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible, and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches.