Helping the Federal Government with NIST SP 800-53 Compliance

StackRox has had Federal intelligence, military, and civilian agencies at the heart of our customer base since our inception. Our extensive work with the Department of Homeland Security, our backing from In-Q-Tel, and our work across multiple U.S. Intelligence Community agencies have shaped our product and brought additional rigor to our development process. We’re excited to extend our support for Federal entities with compliance checks for container security controls in NIST SP 800-53.

Cloud service providers selling to the Federal government as well as Federal agencies building their own cloud-native applications must meet the security and privacy obligations outlined under NIST Special Publication 800-53. Meeting these requirements is also important in attaining certification for the Federal Risk and Authorization Management Program (FedRAMP), the Federal government’s “cloud-first” initiative.

Today, StackRox announced enhancements to the StackRox Kubernetes Security Platform to help organizations meet their security and compliance requirements in adherence with NIST SP 800-53. We have built standard-specific compliance checks for container and Kubernetes environments that provide an instant snapshot of compliance status, highlighting each passed and failed compliance check – with drill-down capabilities to identify the clusters, namespaces, and deployments failing the checks. StackRox also provides detailed remediation information and evidence of compliance to simplify the audit process.

NIST 800-53 is a foundational compliance standard for government, and we appreciate the investment StackRox continues to make in supporting this community to secure their cloud-native deployments across build, deploy, and runtime and delivers notable time savings.

Katie Gray, Partners, Investments at In-Q-Tel

Key benefits

The StackRox Kubernetes Security Platform is the first container and Kubernetes security solution to be certified by the Department of Homeland Security (DHS) for use in its Continuous Diagnostics and Mitigation (CDM) program. With our latest product enhancements, we continue our mission to help federal agencies securely accelerate their move to the cloud by enabling rapid adoption of cloud-native technologies such as containers and Kubernetes.

StackRox makes it easier for agencies to secure their infrastructure across build, deploy, and runtime. The StackRox approach to container security – uniquely designed for Kubernetes environments – empowers federal agencies to:

  • get a 360-degree view of their cloud-native infrastructure, including all images, container registries, Kubernetes deployment configurations, container runtime behavior, and more
  • protect their systems from vulnerabilities across images, Kubernetes, and running deployments
  • ensure compliance with not only Federal standards such as NIST SP 800-53 and 800-90 but also the CIS Benchmarks, PCI, and HIPAA
  • leverage the power of Kubernetes to enforce network policies to ensure secure network segmentation
  • leverage the rich context from Kubernetes to assess risk across the entire environment to focus remediation efforts
  • identify and remediate misconfigurations across images, container runtimes, clusters, and Kubernetes
  • detect anomalous runtime behavior indicative of an attack using a combination of rules, whitelists, baselines, and behavioral modeling
  • respond to policy violations and threats, from failing builds and blocking deployments to killing pods and thwarting attacks, using Kubernetes for enforcement

Government agencies looking to benefit from the many advantages of DevOps practices and microservices architectures are diving headfirst into containerizing their applications, with Kubernetes as their standard orchestrator. As a trusted security partner, StackRox helps these Federal agencies protect their mission-critical applications on their cloud-native journey.

Request a free 30-day trial of StackRox today to see the StackRox Kubernetes Security Platform in action in your environment.



*** This is a Security Bloggers Network syndicated blog from The Container Security Blog on StackRox authored by The Container Security Blog on StackRox. Read the original post at: https://www.stackrox.com/post/2020/04/helping-the-federal-government-with-nist-sp-800-53-compliance/
