U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-190 (Draft)

Application Container Security Guide (2nd Draft)

Date Published: July 2017
Comments Due: August 11, 2017 (public comment period is CLOSED)
Email Questions to: 800-190comments@nist.gov

Author(s)

Murugiah Souppaya (NIST), John Morello (Twistlock), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST announces the second public comment release of Draft Special Publication 800-190, Application Container Security Guide. Application container technologies, better known as containers, are a form of operating system virtualization combined with application software packaging. Draft (2nd) SP 800-190 explains the security benefits and concerns associated with container technologies and makes practical recommendations for addressing the concerns when planning for, implementing, and maintaining containers.

Abstract

Keywords

application; application container; application software packaging; container; container security; isolation; operating system virtualization; virtualization
Control Families

Access Control; Configuration Management; System and Communications Protection; System and Information Integrity; Audit and Accountability; Awareness and Training; Identification and Authentication; Incident Response; Risk Assessment

Documentation

Publication:
Draft (2nd) SP 800-190

Supplemental Material:
Comment Template (xls)

Related NIST Publications:
NISTIR 8176 (Draft)

Document History:
04/10/17: SP 800-190 (Draft)
07/13/17: SP 800-190 (Draft)
09/25/17: SP 800-190 (Final)

Topics

Security and Privacy
threats; vulnerability management

Technologies
cloud & virtualization; operating systems

Laws and Regulations
OMB Circular A-130