Search


Guidance on Secure Containers and Microservices

(Français)

With the introduction of cloud services and the adoption of “continuous deployment” of software services, the movement of applications from one environment to another and within an environment is required to be agile and predictable. Container technology (OS virtualization) enables software to deploy quickly and run predictably when moved from one environment to another. Further, microservices are established when a set of containers work together to compose an application. While this approach improves flexibility and scalability for application development and simplifies functionality, it adds another layer of abstraction that must be secured.

This guidance provides recommendations to secure containers and microservices when deploying Government of Canada (GC) services. It highlights the controls, configuration and tools to secure GC workloads running in containers and orchestrators and recommendations for compliance verification.

Table of Contents

List of Tables

List of Figures

List of Abbreviations and Acronyms

Abbreviation Definition
CIRT Computer Incident Response Team
CONOPS Concept of Operations
CSE Communications Security Establishment
CS EMP Cyber Security Event Management Plan
CSP Cloud Service Provider
FedRAMP Federal Risk and Authorization Management Program
GC Government of Canada
GSRM Government of Canada Strategic Reference Model
IaaS Infrastructure as a Service
IPC Information Protection Centre
IT Information Technology
ITSG Information Technology Security Guidance
LAN Local Area Network
NIST National Institute of Standard and Technology
PAA Program Alignment Architecture
PaaS Platform as a Service
PBMM Protected B, Medium Integrity, Medium Availability
PIA Privacy Impact Assessment
PoAM Plan of Actions and Milestones
RACI Responsible, Accountable, Consulted, Informed
SaaS Software as a Service
SDLC System Development Lifecycle
SLA Service Level Agreement
SSC Shared Services Canada
TBS Treasury Board of Canada Secretariat
ULL Unclassified, Low Integrity, Low Availability

How to Contribute

See CONTRIBUTING.md

License

Unless otherwise noted, the source code of this project is covered under Crown Copyright, Government of Canada, and is distributed under the MIT License.

The Canada wordmark and related graphics associated with this distribution are protected under trademark law and copyright law. No permission is granted to use them outside the parameters of the Government of Canada’s corporate identity program. For more information, see Federal identity requirements.


Gabarit pour dépôts de code source ouvert du gouvernement du Canada

Comment contribuer

Voir CONTRIBUTING.md

Licence

Sauf indication contraire, le code source de ce projet est protégé par le droit d’auteur de la Couronne du gouvernement du Canada et distribué sous la licence MIT.

Le mot-symbole « Canada » et les éléments graphiques connexes liés à cette distribution sont protégés en vertu des lois portant sur les marques de commerce et le droit d’auteur. Aucune autorisation n’est accordée pour leur utilisation à l’extérieur des paramètres du programme de coordination de l’image de marque du gouvernement du Canada. Pour obtenir davantage de renseignements à ce sujet, veuillez consulter les Exigences pour l’image de marque.

Page details

Date modified: