On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps streamline the process by integrating many of these recommendations into a single, cloud-native solution. In this post, we’ll break down the most critical tooling-related recommendations from NIST SP 800-228 and show how Wallarm can help your organization meet them.

What is NIST SP 800-228?

NIST SP 800-228 aims to assist organizations in identifying and analyzing risks throughout the API lifecycle, implementing security controls in pre-runtime and runtime phases, and evaluating the trade-offs of different protection measures. This enables security practitioners to adopt a risk-based, incremental approach to API security.

API Inventory and Discovery

NIST recommends that the organization maintain an up-to-date inventory of internal and external APIs, including specifications and ownership details. This is because, without a complete API inventory, organizations risk blind spots where vulnerabilities or unauthorized changes can occur.

How Wallarm Can Help

Wallarm’s API Discovery module automatically discovers and catalogs APIs, ensuring your API inventory is always current and that every…