NIST Special Publication 800 -180 (DRAFT) 1 2 3 NIST Definition of Microservices, 4 Application Containers and 5 System Virtual Machines 6 7 8 Anil Karmel 9 Ramaswamy Chandramouli 10 Michaela Iorga 11 12 13 14 15 This publication i s available free of charge 16 17 18 19 C O M P U T E R S E C U R I T Y 20 21 22 NIST Special Publication 800 -180 (DRAFT) 23 24 NIST Definition of Microservices, 25 Application Containers and 26 System Virtual Machines 27 28 Anil Karmel 29 C2 Labs, Inc. 30 Reston, VA 31 32 Ramaswamy Chandramouli 33 Michaela Iorga . 34 Computer Security Division 35 Information Technology Laboratory 36 37 38 This publicat ion is available free of charge 39 40 41 42 February 2016 43 44 45 46 47 U.S. Department of Commerce 48 Penny Pritzker, Secretary 49 50 National Institute of Standards and Technology 51 Willie May , Under Secretary of Commerce for Standards and Technology and Director 52 ii Authority 53 This publication has been developed by NIST in accordance with its statutory responsibilities under the 54 Federal Information Security M odernization Act (FISMA) of 2014 , 44 U.S.C. § 3541 et seq., Public Law 55 (P.L.) 113 -283. NIST is responsible for developing information security standards and guidelines, 56 including minimum requirements for f ederal information systems, but such standards and guidelines shall 57 not apply to national security syst ems without the e xpress approval of appropriate f ederal officials 58 exercising policy authority over such systems. This guideline is consistent with the requirements of the 59 Office of Management and Budget (OMB) Circular A -130. 60 Nothing in this publication sho uld be taken to contradict the standards and guidelines made mandatory 61 and bi nding on f ederal agencies by the Secretary of Commerce under statutory authority. Nor should 62 these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of 63 Commerce, Dir ector of the OMB, or any other f ederal official. This publication may be used by 64 nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. 65 Attribution would, however, be appreci ated by NIST. 66 National Institute of Standards and Technology Special Publication 800 -180 67 Natl. Inst. Stand. Technol. Spec. Publ. 800 -180, 12 pages ( February 2016) 68 CODEN: NSPUE2 69 This publication is available free of charge 70 71 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 72 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 73 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 74 available for the purpose. 75 There may be references in this publication to other publications currently under development by NIST in 76 accordance with its assigned statutory responsibilities. The information in this publication, including concepts and 77 methodologies, may be used by f ederal agencies even before the completion of such companion publications. Thus, 78 until each publication is comp leted, current requirements, guideline s, and procedures, where they exist, remain 79 operative. For pla nning and transition purposes, f ederal agencies may wish to closely follow the development of 80 these new publications by NIST. 81 Organizations are encouraged to review all draft publications during public comment periods and provide feedback 82 to NIST. All NIST Computer Security Division publications , other than the ones noted above, are available at 83 http://csrc.nist.gov/publications . 84 Comments on this publication may be submitted to: 85 Public comment period: February 18, 2016 through March 18, 2016 86 All comme