Enterprises seeking to leverage containers and microservices in compliance with the Payment Card Industry Data Security Standard (PCI DSS) will find some advantageous synergies between the regulations and the technologies, as well as some aspects that require particularly careful attention
"While PCI-DSS version 3.2, the industry's latest, does not yet specifically address containerized environments, enterprises must nevertheless ensure that appropriate monitoring, security and governance is in place to achieve compliance. This is especially important, as recent reports are showing a struggle to maintain compliance.
Containers and microservices are inherently supportive of PCI DSS compliance across several fronts. In an ideal microservices architecture, each service and container deliver a single function, which is congruent with the PCI DSS requirement to implement only a single primary function with each server. In the same way, containers provide narrow functionality by design, meeting the PCI DSS mandate to enable only necessary protocols and services..."