Application Container Security Guide

Souppaya, Murugiah; Morello, John; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.SP.800-190

SP 800-190

Application Container Security Guide

Documentation Topics

Date Published: September 2017

Planning Note (9/4/2020):

A Japanese translation of this publication is now available from the Information-technology Promotion Agency (IPA), Japan.

(DISCLAIMER: This translation is not an official U.S. Government or NIST translation. The U.S. Government does not make any representations as to the accuracy of the translation. The official publication is available at https://doi.org/10.6028/NIST.SP.800-190.)

Author(s)

Murugiah Souppaya (NIST), John Morello (Twistlock), Karen Scarfone (Scarfone Cybersecurity)

Abstract

Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This publication explains the potential security concerns associated with the use of containers and provides recommendations for addressing these concerns.

Keywords

application; application container; application software packaging; container; container security; isolation; operating system virtualization; virtualization

Control Families

Access Control; Configuration Management; System and Communications Protection; System and Information Integrity; Audit and Accountability; Awareness and Training; Identification and Authentication; Incident Response; Risk Assessment

Documentation

Publication:
SP 800-190 (DOI)
Local Download

Supplemental Material:
Japanese translation (unofficial--from IPA, Japan) (pdf)

Related NIST Publications:
NISTIR 8176
ITL Bulletin

Document History:
04/10/17: SP 800-190 (Draft)
07/13/17: SP 800-190 (Draft)
09/25/17: SP 800-190 (Final)

Topics

Security and Privacy
threats; vulnerability management

Technologies
cloud & virtualization; operating systems

Laws and Regulations
OMB Circular A-130