PCF Security Guide

For Security Professionals and PCF Users

This guide explains how Pivotal Cloud Foundry (PCF) manages network access, roles and permissions, internal communications, container hardening, and other security issues. It is intended to give security professionals a complete view of PCF security, and to help all PCF users, not just the security experts, keep the platform secure.

Current Security Reports

Pivotal publishes security updates regularly in response to privately and publicly reported Common Vulnerabilities and Exposures (CVEs).

Guide Contents

  • Securing Traffic into Cloud Foundry: Configuring and maintaining front-end platform security at the load balancer or router.

  • Identity Management: Managing permissions and trust for PCF user accounts, and user accounts in the underlying IaaS.

  • PCF Network Security: How PCF components and app containers keep network communications secure, and what paths, ports, and protocols the components use to communicate.

  • PCF App and Service Security: Enabling PAS apps to communicate internally with other apps and use service instance credentials securely.

  • CredHub: The credential management tool that BOSH uses to store deployment credentials and that PCF runtimes use to create and manage app and service credentials.

  • Security Processes and Stemcells: How Pivotal responds to security vulnerabilities, and how it tests and updates the versioned operating systems that its products run on.

  • NIST Controls and PCF: Assessment of Pivotal Cloud Foundry against NIST SP 800-53(r4) Controls.
