U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-204 (Draft)

Security Strategies for Microservices-based Application Systems

Date Published: March 2019
Comments Due: April 26, 2019 (public comment period is CLOSED)
Email Questions to: sp800-204-comments@nist.gov

Author(s)

Ramaswamy Chandramouli (NIST)

Announcement

Microservices architecture is increasingly being used to design, develop, and deploy large-scale application systems in both cloud-based and enterprise infrastructures. The resulting application system consists of relatively small, loosely coupled entities called microservices that communicate with each other using lightweight communication protocols. This smaller codebase facilitates faster code development and platform optimization for which network security, reliability, and latency are critical factors.

NIST invites comments on this draft special publication, which outlines strategies for the secure deployment of a microservices-based application. The objective is to enhance its security profile by analyzing 1) the implementation options for core state of practice features, and 2) the configuration options for architectural frameworks such as API gateway and service mesh.  Core features include authentication and access management, service discovery, secure communication protocols, security monitoring, availability/resiliency improvement techniques (e.g., circuit breakers), load balancing and throttling, integrity assurance techniques during induction of new services, and handling of session persistence.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

microservices; load balancing; circuit breaker; Application Programming Interface (API); API gateway; service mesh; proxy
Control Families

Access Control; Configuration Management; Identification and Authentication; System and Communications Protection; System and Information Integrity

Documentation

Publication:
SP 800-204 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
03/25/19: SP 800-204 (Draft)
08/07/19: SP 800-204 (Final)