U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-190

Application Container Security Guide

Date Published: September 2017

Planning Note (9/4/2020):

A Japanese translation of this publication is now available from the Information-technology Promotion Agency (IPA), Japan.

(DISCLAIMER: This translation is not an official U.S. Government or NIST translation.  The U.S. Government does not make any representations as to the accuracy of the translation. The official publication is available at https://doi.org/10.6028/NIST.SP.800-190.)


Murugiah Souppaya (NIST), John Morello (Twistlock), Karen Scarfone (Scarfone Cybersecurity)



application; application container; application software packaging; container; container security; isolation; operating system virtualization; virtualization
Control Families

Access Control; Configuration Management; System and Communications Protection; System and Information Integrity; Audit and Accountability; Awareness and Training; Identification and Authentication; Incident Response; Risk Assessment


SP 800-190 (DOI)
Local Download

Supplemental Material:
Japanese translation (unofficial--from IPA, Japan) (pdf)

Related NIST Publications:
ITL Bulletin

Document History:
04/10/17: SP 800-190 (Draft)
07/13/17: SP 800-190 (Draft)
09/25/17: SP 800-190 (Final)


Security and Privacy
threats; vulnerability management

cloud & virtualization; operating systems

Laws and Regulations
OMB Circular A-130