Hi All,
NIST just published NIST SP 800-233, "Service Mesh Proxy Models for Cloud-Native Applications" (draft available for public comment).
The service mesh has become the de facto application services infrastructure for cloud-native applications. It enables an application's runtime functions (e.g., network connectivity, access control, etc.) through proxies that form the data plane of the service mesh. Different proxy models or data plane architectures have emerged, depending on the distribution of the network layer functions (i.e., L4 and L7) and the granularity of association of the proxies to individual services/computing nodes.
The purposes of this document are two-fold:
1. Develop a threat profile for each of the data plane architectures by considering a set of potential threats to various proxy functions and assigning scores to the impacts and likelihoods of their exploits.
2. Analyze the service mesh capabilities that are required for each class of cloud-native applications with different risk profiles (i.e., low, medium, and high) and provide recommendations for the data plane architectures or proxy models that are appropriate and applicable for each class.
The public comment period is open through September 3, 2024. See the publication details https://csrc.nist.gov/pubs/sp/800/233/ipd for a copy of the draft and instructions for submitting comments.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------