Security Assurance Requirements for Linux Application Container Deployments

Chandramouli, Ramaswamy

doi:https://doi.org/10.6028/NIST.IR.8176

NISTIR 8176

Security Assurance Requirements for Linux Application Container Deployments

Documentation Topics

Date Published: October 2017

Author(s)

Ramaswamy Chandramouli (NIST)

Abstract

Application Containers are slowly finding adoption in enterprise IT infrastructures. Security guidelines and countermeasures have been proposed to address security concerns associated with the deployment of application container platforms. To assess the effectiveness of the security solutions implemented based on these recommendations, it is necessary to analyze those solutions and outline the security assurance requirements they must satisfy to meet their intended objectives. This is the contribution of this document. The focus is on application containers on a Linux platform.

Keywords

application container; capabilities; Cgroups; container image; container registry; kernel loadable module; Linux kernel; namespace; Trusted Platform Module.

Control Families

Access Control; Configuration Management; System and Communications Protection; System and Information Integrity

Documentation

Publication:
NISTIR 8176 (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
ITL Bulletin
SP 800-190

Document History:
08/01/17: NISTIR 8176 (Draft)
10/11/17: NISTIR 8176 (Final)

Topics

Security and Privacy
assurance; configuration management; security automation; threats; vulnerability management

Technologies
cloud & virtualization

Laws and Regulations
Cybersecurity Strategy and Implementation Plan; Federal Information Security Modernization Act; OMB Circular A-130