Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

NIST SP 800-190 (Initial Public Draft)

Application Container Security Guide

Date Published: April 2017
Comments Due: May 18, 2017 (public comment period is CLOSED)
Email Questions to: 800-190comments@nist.gov

Author(s)

Murugiah Souppaya (NIST), John Morello (Twistlock), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST announces the public comment release of Draft Special Publication 800-190, Application Container Security Guide. Application container technologies, better known as containers, are a form of operating system virtualization combined with application software packaging. Draft SP 800-190 explains the security benefits and concerns associated with container technologies and makes practical recommendations for addressing the concerns when planning for, implementing, and maintaining containers.

Abstract

Keywords

application; application container; application software packaging; container; container security; isolation; operating system virtualization; virtualization
Control Families

Access Control; Configuration Management; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Draft SP 800-190 (pdf)

Supplemental Material:
Comment Template (xlsx)

Document History:
04/10/17: SP 800-190 (Draft)
07/13/17: SP 800-190 (Draft)
09/25/17: SP 800-190 (Final)

Topics

Security and Privacy

threats, vulnerability management

Technologies

cloud & virtualization, operating systems

Laws and Regulations

OMB Circular A-130