Mirantis works with agencies and primary partners to achieve certification and compliance of complete solutions along a range of pathways, including:
Relevant DISA STIGs
CIS security benchmarks
Computer Security Alliance (CSA) standards
CISA Zero Trust Maturity Model (ZTMM) 2.0
NSA & CISA Kubernetes Hardening Guidance – Cybersecurity technical report
Mirantis products hold the following certifications, covering technical aspects of container, information and data, and communications security. Mirantis IT locations, personnel, and processes are certified to comply with US and international standards for product quality management, information security, and environmental responsibility/sustainability. These include:
Cryptography and Container Security
The Federal Information Processing Standard (FIPS) 140-2 is a U.S. government standard that specifies security requirements for cryptographic modules used to protect sensitive information. It ensures that encryption algorithms and implementations meet a certain level of security and quality.
Mirantis Container Runtime’s (MCR) Cryptographic Module is certified by the NIST Cryptographic Module Validation Program (CMVP) to support FIPS 140-2. The Mirantis Cryptographic Module NG delivers core cryptographic functions for Mirantis platforms, including secure key management, data integrity, data at rest encryption, and secure communications. It features robust algorithm support, including Suite B algorithms.
Information Security Management
ISO 27001 is an international standard for information security management systems (ISMS). It provides a framework for managing and protecting sensitive information, assessing risks, and implementing appropriate security controls to minimize potential threats.
Mirantis is ISO 27001 certified.
Trusted Information Security Assessment Exchange (TISAX) is a European standard similar to ISO 27001 but addressing specific requirements of automobile manufacturing. It is managed by ENX, a joint association of European automotive manufacturers and suppliers.
Mirantis is TISAX assessed at Level 2 (AL2) for high security. Registered member number: P31T23.
ISO 14001 is an international standard for environmental management systems (EMS). It provides a framework for organizations to manage their environmental responsibilities, minimize environmental impacts, and achieve sustainable growth.
Mirantis is ISO 14001 certified.
ISO 9001 is an international standard for quality management systems (QMS). It outlines the criteria for a QMS that focuses on customer satisfaction, continuous improvement, and the involvement of all levels of an organization in meeting quality objectives.
Mirantis is ISO 9001 certified.
Three Pillars of Mirantis Security
From an operational perspective, our security is based on the following three pillars:
People – Employees are our most important resource. We train our employees to constantly monitor the threats that may affect them in both their daily work and personal life. We place a high priority on periodic employee training designed to increase their level of awareness of security issues.
Product – We believe that the appropriate product development processes, including security tests, acceptance tests and performance tests, will prepare our clients’ software for various situations and threats. We make every effort during project risk analysis to identify possible risk scenarios and properly prepare the configuration for them.
Infrastructure – This is the greatest challenge in ensuring security. Our activities include both the “heavy” infrastructure related to the services provided by our Data Center and the “light” infrastructure used by employees to perform their daily duties. We monitor the condition of both types of infrastructure in accordance with the current guidelines and the requirements of our clients.
We as an organization are always ready to address new information security challenges from our clients. We believe that each new requirement provides an opportunity to further develop our security strategies and allows us to better prepare for market challenges.
Mirantis ISMS Documentation: Examples
The documentation for our Information Security Management System (ISMS) fulfills requirements set by international security standards. Below are some excerpts from our ISMS documentation:
Information Security Policy
The Company has implemented an information security policy to define the directions of information security in the company and to indicate to our employees the general principles of information security. Detailed process descriptions can be found in internal documents such as process policies or work instructions.
Access Control Policy
We make every effort to ensure that access to systems and applications is granted in accordance with the best information security guidelines. Access management is documented and periodically analyzed, and the rights granted are periodically reviewed for suitability.
Mirantis people believe that a well-implemented change management process in terms of the product and infrastructure allows for accountability of work, analysis of the causes of problems in the processes, and proper information feedback within the organization and departments participating in the process. Change management is periodically analyzed and documented on an ongoing basis.
Acceptable Use Policy
Ensuring monitoring is a challenge for the security department, but we are convinced that without sensible and conscious employees it would be difficult to maintain an appropriate level of security. The policy is a set of guidelines for good and safe behavior for our employees when using the office infrastructure and cooperating with clients.
Business Continuity Policy
We pay special attention to business continuity, and we have developed our own ABC methodology which allows us to monitor the continuity of technological processes related to IT infrastructure on an ongoing basis. We have basic critical scenarios that we periodically test and document.
Incident Management and Tracking
Monitoring security incidents is one of our most complex processes. Our approach integrates incident management in several areas. We have teams that monitor the Internet 24 hours a day in search of problems that could apply to products, software or other topics related to our company. The method of reporting incidents is agreed with our clients on a case-by-case basis.
Supplier Management Policy
We carefully select companies cooperating with us in accordance with the expectations of our clients. Suppliers are assessed in accordance with the adopted methodology. If there are any risks related to the cooperation, they are discussed with the partner.
Mirantis has implemented a policy of cooperation with suppliers, which also introduces a third-party risk assessment process. Supplier risk assessment results are documented and periodically monitored as needed.