Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Security Strategies for Microservices-based Application Systems: NIST Publishes SP 800-204

NIST has published NIST SP 800-204, Security Strategies for Microservices-based Application Systems.

Microservices architecture is increasingly being used to design, develop, and deploy large-scale application systems in both cloud-based and enterprise infrastructures. The resulting application system consists of relatively small, loosely coupled entities called microservices that communicate with each other using lightweight communication protocols. This smaller codebase facilitates faster code development and platform optimization for which network security, reliability, and latency are critical factors.

NIST announces the publication of NIST Special Publication (SP) 800-204, Security Strategies for Microservices-based Application Systems, which outlines strategies for the secure deployment of a microservices-based application. The objective is to enhance the security profile of microservices-based applications by analyzing the implementation options for core state-of-practice features as well as the configuration options for architectural frameworks such as API gateway and service mesh. Core features include authentication and access management, service discovery, secure communication protocols, security monitoring, availability/resiliency improvement techniques (e.g., circuit breakers), load balancing and throttling, integrity assurance techniques during induction of new services, and handling of session persistence. 

Released August 7, 2019, Updated August 27, 2019