U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-190

Application Container Security Guide

Date Published: September 2017

Planning Note (09/04/2020):

A Japanese translation of this publication is now available from the Information-technology Promotion Agency (IPA), Japan.

(DISCLAIMER: This translation is not an official U.S. Government or NIST translation.  The U.S. Government does not make any representations as to the accuracy of the translation. The official publication is available at https://doi.org/10.6028/NIST.SP.800-190.)


Murugiah Souppaya (NIST), John Morello (Twistlock), Karen Scarfone (Scarfone Cybersecurity)



application; application container; application software packaging; container; container security; isolation; operating system virtualization; virtualization
Control Families

Access Control; Awareness and Training; Audit and Accountability; Configuration Management; Identification and Authentication; Incident Response; Risk Assessment; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
Japanese translation (unofficial--from IPA, Japan) (pdf)

Related NIST Publications:
IR 8176
ITL Bulletin
IR 8176 (Draft)

Document History:
04/10/17: SP 800-190 (Draft)
07/13/17: SP 800-190 (Draft)
09/25/17: SP 800-190 (Final)


Security and Privacy

threats, vulnerability management


cloud & virtualization, operating systems

Laws and Regulations

OMB Circular A-130