From Heartbeat to Holistic Implementation — Secure Cloud Native Deployments with FIPS 140-2 and DISA STIG
Cybersecurity has become national security as parties both foreign and domestic increasingly try to hack into government information systems. It is no wonder then that U.S. federal requirements for information security have also become the gold standard for cybersecurity in financial services, telecommunications, healthcare and other regulated markets.
In cloud computing, chief among these requirements are FIPS 140-2, a security standard for cryptographic modules published by the National Institute for Standards and Technology (NIST), and DISA STIG, a set of best practices from the Department of Defense. Designed to be “secure by default,” the Mirantis Cloud Native Platform portfolio features FIPS 140-2 and DISA STIG compliant products to offer organizations the assurance and convenience of ready-to-deploy solutions validated for the highest levels of protection.
Achieving Compliance with FIPS 140-2 and DISA STIG
This month, Mirantis announced a new certificate of FIPS 140-2 validation covering encryption modules for the following products:
- Mirantis Container Runtime
- Mirantis Kubernetes Engine - includes both Kubernetes and Swarm orchestration
- K0s - open source, lightweight Kubernetes distribution
Additionally, we have achieved DISA STIG compliance for Swarm-based solutions and are in the process of acquiring compliance for Kubernetes.
Mirantis has more than 100 government customers across four continents, ranging from military forces and securities commissions to health ministries and transportation agencies. Our FIPS 140-2 validation is essential to our business with U.S. federal agencies, as procurement officers will only talk to cloud computing vendors that are compliant. Similarly, doing business with the U.S. military requires DISA STIG compliance.
Increasingly, enterprises in industries as diverse as banking, insurance, healthcare, retail, manufacturing, and telecommunications are also mandating or prioritizing FIPS 140-2 and DISA STIG compliant solutions.
So how do FIPS 140-2 and DISA STIG relate within a cloud native deployment?
The Onion Metaphor
You didn’t expect to read about onions in this blog, now did you? I also was surprised when I heard one of Mirantis’ top cloud security experts refer to this metaphor, but it makes sense. Cloud security, like an onion, has many layers. Standards like FIPS 140-2 are at the core of the onion, because it provides secure communication. By implementing FIPS 140-2 right at the container runtime, Mirantis Cloud Native Platform secures the heartbeat of container operations, protecting any operation that involves a container action, whether it’s starting up a container, deleting a container, scaling up a container, etc.
Moving outward from the core, we implement security at the cluster level. Recently, Mirantis expanded our FIPS 140-2 validation with encryption modules licensed for Mirantis Kubernetes Engine, our container management platform, and k0s, a lightweight open source Kubernetes distribution. By implementing FIPS 140-2 at the orchestration layer, we also protect any operation that involves a cluster action, such as deploying applications with Kubernetes or Swarm, scaling clusters, managing and deploying private images, etc.
Many of our customers need to achieve FIPS 140-2 certification for their entire solution stack, so integrating the already FIPS-validated Mirantis products makes their own certification process easier. Having FIPS 140-2 validation for k0s is especially important for edge computing and IoT use cases, to provide high security at remote locations with a small footprint.
As you expand further towards the outer layers of the onion, then DISA STIG provides a set of rules that should be followed to secure a cloud native deployment from a more holistic approach. DISA STIG factors in the entire implementation of your cloud solution, including your adherence to best practices, the processes you use to govern operations, and how you secure your software supply chain.
So if you’re concerned about protecting your Kubernetes or Swarm deployments, Mirantis Cloud Native Platform has got you covered on multiple fronts, ranging from the core of container operations to the orchestration layer to the implementation as a whole.
To learn more about FIPS 140-2 and DISA STIG, watch a webinar recording featuring Mirantis security expert Bryan Langston, Real Verifiable Security.