Meeting NIST API Security Guidelines with Wallarm

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, “Guidelines for API Protection for Cloud-Native Systems.” The document provides a comprehensive framework for securing APIs in cloud-native environments.

However, for organizations looking to align with these objectives, the tooling requirements may initially seem overwhelming. Fortunately, Wallarm helps streamline the process by integrating many of these recommendations into a single, cloud-native solution.

In this post, we’ll break down the most critical tooling-related recommendations from NIST SP 800-228 and show how Wallarm can help your organization meet them. 

What is NIST SP 800-228?

NIST SP 800-228 aims to assist organizations in identifying and analyzing risks throughout the API lifecycle, implementing security controls in pre-runtime and runtime phases, and evaluating the trade-offs of different protection measures. This enables security practitioners to adopt a risk-based, incremental approach to API security.

API Inventory and Discovery

NIST recommends that organizations maintain an up-to-date inventory of internal and external APIs, including specifications and ownership details. Without a complete API inventory, organizations have blind spots where vulnerabilities or unauthorized changes can go unnoticed: endpoints that were never documented (shadow APIs), endpoints that were deprecated but never removed (zombie APIs), and methods that are served but never appear in the published specification.
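One practical way to find those blind spots is to reconcile what the gateway actually serves against what the specification declares. The script below is an added example, not Wallarm's code or anything from NIST SP 800-228: it assumes a hypothetical, simplified spec (a dict of path templates to allowed methods, the shape an OpenAPI `paths` object reduces to) and a constructed gateway access-log format, and reports three things: endpoints observed in traffic that the spec does not declare (shadow), documented endpoints that never receive traffic (zombie candidates), and documented methods on known paths that are served but undeclared.

```python
import re
from collections import Counter

# Constructed, simplified inventory in the shape of an OpenAPI `paths` object:
# path template -> methods the spec declares. Hypothetical, not a real service.
DECLARED_SPEC = {
    "paths": {
        "/api/v1/users/{id}": ["GET", "PUT"],
        "/api/v1/orders": ["GET", "POST"],
        "/api/v1/orders/{id}": ["GET"],
        "/api/v1/reports": ["GET"],
    }
}

# Constructed gateway access-log lines (hypothetical format: ts method path status).
SAMPLE_LOG = """\
2025-04-01T10:00:01Z GET /api/v1/users/42 200
2025-04-01T10:00:02Z PUT /api/v1/users/42 204
2025-04-01T10:00:03Z GET /api/v1/orders 200
2025-04-01T10:00:04Z POST /api/v1/orders 201
2025-04-01T10:00:05Z DELETE /api/v1/users/42 200
2025-04-01T10:00:06Z GET /api/v1/internal/debug 200
2025-04-01T10:00:07Z GET /api/v1/orders/9001 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def template_to_regex(template):
    """Turn an OpenAPI-style path template such as /users/{id} into an anchored regex.
    Each {param} segment matches exactly one path segment."""
    parts = []
    for seg in template.strip("/").split("/"):
        if seg.startswith("{") and seg.endswith("}"):
            parts.append(r"[^/]+")
        else:
            parts.append(re.escape(seg))
    return re.compile("^/" + "/".join(parts) + "$")


def build_inventory(spec, log_text):
    """Reconcile observed traffic with the declared spec.

    Returns a dict with:
      observed: (method, template) -> hit count for declared endpoints
      shadow:   (method, template-or-raw-path) -> hit count for undeclared ones
      unseen:   declared (method, template) pairs with zero traffic (zombie candidates)
    """
    compiled = [(tmpl, set(methods), template_to_regex(tmpl))
                for tmpl, methods in spec["paths"].items()]
    observed, shadow = Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than mis-attribute them
        _, method, path, _ = m.groups()
        for tmpl, methods, rx in compiled:
            if rx.match(path):
                if method in methods:
                    observed[(method, tmpl)] += 1
                else:
                    shadow[(method, tmpl)] += 1  # known path, undeclared method
                break
        else:
            shadow[(method, path)] += 1  # entirely undeclared endpoint
    declared = {(meth, tmpl) for tmpl, meths in spec["paths"].items() for meth in meths}
    unseen = sorted(declared - set(observed))
    return {"observed": dict(observed), "shadow": dict(shadow), "unseen": unseen}


if __name__ == "__main__":
    inv = build_inventory(DECLARED_SPEC, SAMPLE_LOG)
    for key, hits in inv["shadow"].items():
        print("SHADOW ", key, hits)
    for key in inv["unseen"]:
        print("UNSEEN ", key)
```

Run against a real gateway, the interesting output is the `shadow` set (the `DELETE` on a user resource and the `/internal/debug` path above) and the `unseen` set, which is where deprecated endpoints tend to hide; both feed directly into the ownership and specification fields NIST asks the inventory to carry.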

How Wallarm Can Help

Wallarm’s API Discovery module automatically discovers and catalogs APIs, ensuring your API inventory is always current and that every endpoint – including shadow, rogue, and zombie APIs – is monitored and documented. 

Request/Response Validation and Schema Enforcement

Implementing request/response validation rules against API schemas catches malformed or malicious data before it reaches business logic. Rejecting non-conforming requests narrows the attack surface for injection and mass-assignment attacks, and validating responses ensures APIs behave as expected and do not return fields the contract never promised.
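To make the idea concrete, here is an added example (not Wallarm's enforcement engine or any code from NIST SP 800-228) of a positive-security request validator for a hypothetical `POST /api/v1/orders` body. It implements a small subset of JSON Schema, the format OpenAPI uses for request and response bodies: `type`, `required`, `properties`, `additionalProperties`, `maxLength`, `pattern`, `minimum` and `maximum`. The schema and the sample requests are constructed for the example.

```python
import json
import re

# Constructed request-body schema for a hypothetical POST /api/v1/orders.
# additionalProperties: False is the mass-assignment guard: unknown fields are rejected.
ORDER_SCHEMA = {
    "type": "object",
    "required": ["sku", "quantity"],
    "additionalProperties": False,
    "properties": {
        "sku": {"type": "string", "pattern": r"^[A-Z]{3}-\d{4}$", "maxLength": 8},
        "quantity": {"type": "integer", "minimum": 1, "maximum": 100},
        "note": {"type": "string", "maxLength": 64},
    },
}

# JSON Schema type name -> Python types. bool is handled separately because it is an int subclass.
TYPES = {"object": dict, "array": list, "string": str, "integer": int,
         "number": (int, float), "boolean": bool}


def validate(value, schema, path="$"):
    """Return a list of human-readable violations; an empty list means the value conforms."""
    errors = []
    expected = schema.get("type")
    if expected:
        ok = isinstance(value, TYPES[expected])
        if expected in ("integer", "number") and isinstance(value, bool):
            ok = False
        if not ok:
            # A type mismatch makes the remaining keyword checks meaningless; stop here.
            return [f"{path}: expected {expected}, got {type(value).__name__}"]
    if isinstance(value, str):
        if "maxLength" in schema and len(value) > schema["maxLength"]:
            errors.append(f"{path}: longer than {schema['maxLength']} chars")
        if "pattern" in schema and not re.search(schema["pattern"], value):
            errors.append(f"{path}: does not match pattern {schema['pattern']}")
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        if "minimum" in schema and value < schema["minimum"]:
            errors.append(f"{path}: below minimum {schema['minimum']}")
        if "maximum" in schema and value > schema["maximum"]:
            errors.append(f"{path}: above maximum {schema['maximum']}")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}.{key}: required property missing")
        for key, sub in value.items():
            if key in props:
                errors.extend(validate(sub, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{key}: property not allowed by schema")
    return errors


def validate_request(raw_body, schema):
    """Parse a raw request body and validate it. Parse failures are violations too."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return [f"$: body is not valid JSON ({exc.msg})"]
    return validate(body, schema)


# Constructed sample requests, one conforming and several that should be rejected.
SAMPLE_REQUESTS = {
    "good": '{"sku": "ABC-1234", "quantity": 2}',
    "mass_assignment": '{"sku": "ABC-1234", "quantity": 2, "is_admin": true}',
    "wrong_type": '{"sku": "ABC-1234", "quantity": "2"}',
    "missing_required": '{"quantity": 1}',
    "injection_payload": '{"sku": "\'; DROP TABLE orders--", "quantity": 1}',
    "not_json": "sku=ABC-1234&quantity=1",
}


def run_samples():
    """Validate every sample request; returns name -> list of violations."""
    return {name: validate_request(body, ORDER_SCHEMA) for name, body in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, errs in run_samples().items():
        print(f"{name:18} {'ACCEPT' if not errs else 'REJECT'} {errs}")
```

Note that the injection payload is rejected without any signature for SQL: it simply does not fit the `sku` format or length, which is the point of schema-first validation. The same `validate` function can be run on response bodies against the response schema to catch over-sharing.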

How Wallarm Can Help

Wallarm enforces API schemas, blocking and flagging any request or response that deviates from the defined OpenAPI or GraphQL schema to protect your back-end logic.

Sensitive Data Discovery and Monitoring

The NIST guidelines recommend tagging API fields with semantic types, like PII or PHI, to track sensitive data and enforce data loss prevention policies. Tagging data in this way is essential for compliance and helps monitor data flow across services, alerting security teams to potential leaks. 
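The following is an added example (not Wallarm's Sensitive Data Detection and not code from NIST) of the tagging step itself: walk a JSON response, classify each string field with a semantic tag such as `PII:email` or `PCI:card_number`, and produce a redacted copy suitable for logging. The detection rules and the sample response are constructed for the example; the card-number rule applies a Luhn check so that an arbitrary 13-digit reference number is not mis-tagged as a card.

```python
import re

# Constructed detection rules: semantic tag -> anchored regex over a single field value.
# Tune these for your own data; they are deliberately simple.
RULES = [
    ("PII:email", re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.IGNORECASE)),
    ("PII:us_ssn", re.compile(r"^\d{3}-\d{2}-\d{4}$")),
    ("PCI:card_number", re.compile(r"^(?:\d[ -]?){13,19}$")),
]


def luhn_ok(digits):
    """Luhn checksum over a string of digits; used to cut card-number false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(value):
    """Return the semantic tag for a scalar value, or None if nothing matches."""
    if not isinstance(value, str):
        return None
    for tag, rx in RULES:
        if rx.match(value):
            if tag == "PCI:card_number" and not luhn_ok(re.sub(r"[ -]", "", value)):
                continue  # looks like a card but fails Luhn: probably an ID, not PCI data
            return tag
    return None


def scan(obj, path="$", tags=None):
    """Walk a decoded JSON document; returns {json_path: semantic_tag} for tagged fields."""
    if tags is None:
        tags = {}
    if isinstance(obj, dict):
        for key, val in obj.items():
            scan(val, f"{path}.{key}", tags)
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            scan(val, f"{path}[{i}]", tags)
    else:
        tag = classify(obj)
        if tag:
            tags[path] = tag
    return tags


def redact(obj):
    """Return a copy of the document with every tagged value replaced by a marker."""
    if isinstance(obj, dict):
        return {k: redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    tag = classify(obj)
    return f"[REDACTED:{tag}]" if tag else obj


# Constructed sample API response (hypothetical order lookup).
SAMPLE_RESPONSE = {
    "order_id": "A1",
    "customer": {
        "email": "jane.doe@example.com",
        "ssn": "123-45-6789",
        "phone": "+1-555-0100",
    },
    "payment": {
        "card": "4111 1111 1111 1111",   # Luhn-valid test number
        "ref": "1234567890123",          # 13 digits but not Luhn-valid: stays untagged
    },
}


if __name__ == "__main__":
    for json_path, tag in scan(SAMPLE_RESPONSE).items():
        print(f"{json_path:22} {tag}")
    print(redact(SAMPLE_RESPONSE))
```

The `scan` output is the per-field tag map a DLP policy consumes (for example, "no `PCI:*` field may leave the payments service unmasked"); `redact` is what you feed to logs and telemetry so monitoring itself does not become a leak.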

How Wallarm Can Help

Wallarm’s Sensitive Data Detection offers everything you need to detect, monitor, and secure sensitive information in real time. It includes customizable detection rules and out-of-the-box coverage for PII, financial, and healthcare data to help you stay ahead of breaches and compliance violations. 

Web API Protection (WAF and Bot/DoS Mitigation)

To block malicious payloads and mitigate Denial of Service (DoS) attacks, NIST recommends deploying tools like Web Application Firewalls (WAFs) and bot detection. These tools help filter out abuse traffic and malicious bots. 

How Wallarm Can Help

Wallarm’s advanced API security platform provides real-time defense against API and legacy web application threats by blocking malicious requests, mitigating bots, and throttling potential DoS attacks. What’s more, Wallarm’s platform is capable of protecting modern and legacy API protocols such as gRPC, SOAP, REST, and WebSocket. With this consolidated security tool, you can safeguard workloads, applications, and APIs.


Authentication and Authorization Enforcement

NIST recommends ensuring that every API call includes proper authentication and authorization checks, including two levels of identity – one for the calling server and one for the end user on whose behalf it acts. Strong authentication and authorization are core principles of a zero-trust security model, reducing the risk of unauthorized access.

How Wallarm Can Help

While Wallarm does not itself provide authentication and authorization for APIs, the platform supports these controls by identifying rogue APIs that may be missing authentication, ensuring that every API endpoint is known and managed. Further, Wallarm identifies authentication and authorization vulnerabilities that would allow attackers to circumvent these security controls.

Rate Limiting and Blocking

NIST suggests implementing limits on API usage – such as request rates, payload sizes, and timeouts – to protect against DoS and data-scraping attacks. Rate limiting in this way helps prevent abuse by ensuring that no single client can overwhelm the system, while a global ceiling protects the back end even when many clients each stay under their own limit.
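Below is an added example of the request-rate and payload-size part of that recommendation (not Wallarm's rate-limiting implementation and not code from NIST): a token-bucket limiter with a per-client bucket and a global bucket, plus a maximum body size, returning an admit decision and the HTTP status a gateway would send. The thresholds and client names are constructed for the example; the `now` parameter is explicit so the behaviour is deterministic and testable, and timeouts are assumed to be enforced by the server or gateway rather than here.

```python
import time


class TokenBucket:
    """Classic token bucket: `capacity` is the allowed burst, `refill_per_sec` the sustained rate."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = float(capacity)
        self.refill_per_sec = float(refill_per_sec)
        self.tokens = float(capacity)
        self.updated = now

    def take(self, now, cost=1.0):
        # Refill lazily based on elapsed time; clamp so a clock step backwards cannot mint tokens.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class ApiLimiter:
    """Per-client and global rate limits plus a payload-size cap. Hypothetical defaults."""

    def __init__(self, per_client_rps=1.0, per_client_burst=5,
                 global_rps=50.0, global_burst=100, max_body_bytes=64 * 1024, now=0.0):
        self.per_client_rps = per_client_rps
        self.per_client_burst = per_client_burst
        self.max_body_bytes = max_body_bytes
        self.global_bucket = TokenBucket(global_burst, global_rps, now)
        self.clients = {}

    def admit(self, client_id, body_bytes, now=None):
        """Return (allowed, status_line). Order of checks:
        1. payload size, which costs nothing to reject and needs no state;
        2. the client's own bucket, so one noisy client is refused before it touches the
           shared budget;
        3. the global bucket, which protects the back end from many well-behaved clients."""
        if now is None:
            now = time.monotonic()
        if body_bytes > self.max_body_bytes:
            return (False, "413 payload too large")
        bucket = self.clients.get(client_id)
        if bucket is None:
            bucket = self.clients[client_id] = TokenBucket(
                self.per_client_burst, self.per_client_rps, now)
        if not bucket.take(now):
            return (False, "429 client rate limit exceeded")
        if not self.global_bucket.take(now):
            return (False, "503 global rate limit exceeded")
        return (True, "200 OK")


if __name__ == "__main__":
    # Constructed burst: one client fires seven requests at t=0, then four more at t=3.
    limiter = ApiLimiter(per_client_rps=1.0, per_client_burst=5, max_body_bytes=1024)
    for t in [0.0] * 7 + [3.0] * 4:
        print(t, limiter.admit("client-a", 100, now=t))
    print("oversized:", limiter.admit("client-a", 4096, now=3.0))
```

In production the per-client key would be whatever identity the authentication layer established (API key, client certificate subject, user ID) rather than a source IP, and the buckets would live in shared storage so that every gateway replica enforces the same limit.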

How Wallarm Can Help

Wallarm’s platform includes advanced rate limiting and throttling mechanisms that allow businesses to enforce both global and granular limits, effectively blocking requests from users who exceed safe thresholds.

Observability and Continuous Monitoring

According to NIST, continuously monitoring API access and collecting telemetry is required for effective incident detection and post-mortem analysis. This continuous visibility ensures that security teams can quickly identify anomalies, correlate events, and respond to incidents before they escalate.

How Wallarm Can Help

Wallarm delivers comprehensive API observability by logging detailed traffic information and attack vectors, including the ability to review complete API sessions. Moreover, its integration with external monitoring tools ensures that your security team remains well-informed of your security posture in real time.

Schedule a Product Tour Today

Want to find out more about how Wallarm can help you align with the NIST SP 800-228 guidelines, defend and detect API attacks, and protect your organization from threats? Schedule an obligation-free product tour today.
