Anthropic-Cybersecurity-Skills/skills/implementing-container-image-minimal-base-with-distroless/references/standards.md

Standards - Distroless Container Images

NIST SP 800-190

• Section 3.1.1: Minimize image content to reduce attack surface
• Section 4.1.1: Use minimal base images for container builds

CIS Docker Benchmark v1.6

• 4.1: Ensure a user for the container has been created
• 4.2: Ensure containers use trusted base images
• 4.6: Ensure HEALTHCHECK instructions have been added
• 4.9: Ensure COPY is used instead of ADD

OWASP Docker Security

• D2: Patch Management Strategies (fewer packages = fewer patches)
• D3: Network Segmentation and Firewalling
• D4: Secure Defaults and Hardening (no shell = hardened by default)