A microservice architecture provides services that are independently deployable. In a microservice architecture, services (or microservices) are fine-grained and protocols are typically lightweight. This makes a microservice application easy to understand, develop, test, etc. Microservices can be implemented using different programming languages, databases, and hardware and software environments. Today, microservices are small in size, messaging enabled, bounded by contracts, autonomously developed, independently deployable, decentralized and often built, and released with automated processes. A microservice is not a layer within a monolithic application, but rather, is a self-contained operation or function with clear interfaces, and may have its own internal components and implement a layered architecture. A microservice architecture is commonly adopted for cloud-native applications, and applications using lightweight container deployment.
In operation, a microservice may need to comply with one or more sets of regulations. For instance, a payment microservice needs to comply with the Payment Card Industry Data Security Standard (PCI DSS), which is an information security standard for organizations that handle branded credit cards. The PCI standard is mandated and administered by the Payment Card Industry Security Standards Council, with the set of regulations to be complied with being available on the PCI DSS compliance authority website. Validation of compliance is typically performed periodically manually, such as by, for instance, an external qualified security accessor, or by a firm-specific internal security accessor (ISA) who creates a report on compliance for an organization, and/or via a self-assessment questionnaire (SAQ) report prepared internally.