From Heartbeat to Holistic Implementation — Secure Cloud Native Deployments with FIPS 140-2 and DISA STIG

Michelle Yakura - August 25, 2021

Cybersecurity has become national security as parties both foreign and domestic increasingly try to hack into government information systems. It is no wonder then that U.S. federal requirements for information security have also become the gold standard for cybersecurity in financial services, telecommunications, healthcare and other regulated markets. 

In cloud computing, chief among these requirements are FIPS 140-2, a security standard for cryptographic modules published by the National Institute of Standards and Technology (NIST), and DISA STIG, a set of best practices from the Department of Defense. Designed to be “secure by default,” the Mirantis Cloud Native Platform portfolio features FIPS 140-2 and DISA STIG compliant products to offer organizations the assurance and convenience of ready-to-deploy solutions validated for the highest levels of protection.

Achieving Compliance with FIPS 140-2 and DISA STIG

This month, Mirantis announced a new certificate of FIPS 140-2 validation covering encryption modules for the following products:

Additionally, we have achieved DISA STIG compliance for Swarm-based solutions and are in the process of acquiring compliance for Kubernetes. 

Mirantis has more than 100 government customers across four continents, ranging from military forces and securities commissions to health ministries and transportation agencies. Our FIPS 140-2 validation is essential to our business with U.S. federal agencies, as procurement officers will only talk to cloud computing vendors that are compliant. Similarly, doing business with the U.S. military requires DISA STIG compliance. 

Increasingly, enterprises in industries as diverse as banking, insurance, healthcare, retail, manufacturing, and telecommunications are also mandating or prioritizing FIPS 140-2 and DISA STIG compliant solutions.

So how do FIPS 140-2 and DISA STIG relate within a cloud native deployment?

The Onion Metaphor

You didn’t expect to read about onions in this blog, now did you? I also was surprised when I heard one of Mirantis’ top cloud security experts refer to this metaphor, but it makes sense. Cloud security, like an onion, has many layers. Standards like FIPS 140-2 are at the core of the onion, because they provide secure communication. By implementing FIPS 140-2 right at the container runtime, Mirantis Cloud Native Platform secures the heartbeat of container operations, protecting any operation that involves a container action, whether it’s starting up a container, deleting a container, scaling up a container, etc.

Moving outward from the core, we implement security at the cluster level. Recently, Mirantis expanded our FIPS 140-2 validation with encryption modules licensed for Mirantis Kubernetes Engine, our container management platform, and k0s, a lightweight open source Kubernetes distribution. By implementing FIPS 140-2 at the orchestration layer, we also protect any operation that involves a cluster action, such as deploying applications with Kubernetes or Swarm, scaling clusters, managing and deploying private images, etc. 

Many of our customers need to achieve FIPS 140-2 certification for their entire solution stack, so integrating the already FIPS-validated Mirantis products makes their own certification process easier. Having FIPS 140-2 validation for k0s is especially important for edge computing and IoT use cases, to provide high security at remote locations with a small footprint.

As you move further toward the outer layers of the onion, DISA STIG provides a set of rules that should be followed to secure a cloud native deployment more holistically. DISA STIG factors in the entire implementation of your cloud solution, including your adherence to best practices, the processes you use to govern operations, and how you secure your software supply chain.

So if you’re concerned about protecting your Kubernetes or Swarm deployments, Mirantis Cloud Native Platform has got you covered on multiple fronts, ranging from the core of container operations to the orchestration layer to the implementation as a whole.

To learn more about FIPS 140-2 and DISA STIG, we invite you to join Mirantis security expert Bryan Langston on Tuesday, August 31 for a webinar, Real Verifiable Security.
