Companion Guide to NIST's Container Security SP
Twistlock’s Companion Guide to NIST Container Security SP is designed to provide a diverse set of readers–from engineers to CISOs, with a clear understanding of the threat model and recommended defenses for a cloud native environment. The guide addresses top challenges and helps organizations enable countermeasures, specifically through Twistlock, that meet NIST compliance guidelines more quickly and easily.
The NIST team develops security standards that help protect hundreds of millions of PCs and servers around the world, and NIST 800 series Special Publications are seen as the gold standard for understanding the threats and countermeasures for protecting critical software infrastructure. The SP 800-190 guide takes the same, consistent threat modeling approach as previous NIST SPs and applies it to the cloud native stack from hypervisor to container runtime to orchestrator and across the whole application lifecycle, from the beginning of the CI process to production.
John Morello, CTO of Twistlock, partnered with NIST to draft SP 800-190, had this to say about the SP and Twistlock’s companion guide: “The existence of the container security SP is a great validation of containers as a first tier enterprise technology. But, implementation comes with its challenges. Enforcing compliance across the entire cloud native ‘stack’ isn’t easy. The Twistlock Companion Guide sets out to solve those challenges, taking a prescriptive approach to the steps required to enforce NIST compliance, so it acts as a sort of deployment template. By enabling countermeasures through Twistlock, organizations can implement the NIST recommendations with minimal extra configuration.”
Real World Security: Software Supply Chain – Dockercon EU 2017 Session
Modern App Security Requires Containers – Dockercon EU 2017 Panel
Get Stronger Security through Containers and Machine Learning – Dockercon EU 2017 session
The Proactive Security Paradigm
How Twistlock works with any orchestration tool (eg. Kubernetes, OpenShift, Amazon ECS, Docker Swarm DC/OS)