Certifications

Mirantis works with agencies and primary partners to achieve certification and compliance of complete solutions along a range of pathways, including:

FedRAMP

Relevant DISA STIGs

CIS security benchmarks

Computer Security Alliance (CSA) standards

CISA Zero Trust Maturity Model (ZTMM) 2.0

NSA & CISA Kubernetes Hardening Guidance – Cybersecurity technical report

PCI

HIPAA

Program/project-specific ATOs

Mirantis products hold the following certifications, covering technical aspects of container, information and data, and communications security. Mirantis IT locations, personnel, and processes are certified to comply with US and international standards for product quality management, information security, and environmental responsibility/sustainability. These include:

Cryptography and Container Security

TECHNOLOGY/STANDARD:

FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 is a U.S. government standard that specifies security requirements for cryptographic modules used to protect sensitive information. It ensures that encryption algorithms and implementations meet a certain level of security and quality.

Mirantis Supports

Mirantis Container Runtime’s (MCR) Cryptographic Module is certified by NIST Cryptographic Module Validation Program (CMVP) to support FIPS 140-2. The Mirantis Cryptographic Module NG delivers core cryptographic functions for Mirantis platforms, including secure key management, data integrity, data at rest encryption, and secure communications. It features robust algorithm support, including Suite B algorithms.

Certificates (NIST): #3993, #3304



Information Security Management

TECHNOLOGY/STANDARD:

ISO 27001

ISO 27001 is an international standard for information security management systems (ISMS). It provides a framework for managing and protecting sensitive information, assessing risks, and implementing appropriate security controls to minimize potential threats.

Mirantis Supports

Mirantis is ISO 27001 certified

TECHNOLOGY/STANDARD:

TISAX

Trusted Information Security Assessment Exchange is a European standard similar to ISO 27001 but addressing specific requirements of automobile manufacturing. It is managed by ENX, a joint association of European automotive manufacturers and suppliers.

Mirantis Supports

Mirantis is TISAX assessed at Level 2 (AL2) for high security. Registered member number P31T23


Environmental Management

TECHNOLOGY/STANDARD:

ISO 14001

International standard for environmental management systems (EMS). It provides a framework for organizations to manage their environmental responsibilities, minimize environmental impacts, and achieve sustainable growth.

Mirantis Supports

Mirantis is ISO 14001 certified.


Quality Management

TECHNOLOGY/STANDARD:

ISO 9001

International standard for quality management systems (QMS). It outlines the criteria for a QMS that focuses on customer satisfaction, continuous improvement, and the involvement of all levels of an organization in meeting quality objectives.

Mirantis Supports

Mirantis is ISO 9001 certified

Three Pillars of Mirantis Security

From an operational perspective, our security is based on the following three pillars:

  1. People – Employees are our most important resource. We train our employees to constantly monitor the threats that may affect them in both their daily work and personal life. We place a high priority on periodic employee training designed to increase their level of awareness of security issues.

  2. Product – We believe that the appropriate product development processes, including security tests, acceptance tests and performance tests, will prepare our clients’ software for various situations and threats. We make every effort during project risk analysis to identify possible risk scenarios and properly prepare the configuration for them.

  3. Infrastructure – This is the greatest challenge in ensuring security. Our activities include both the “heavy” infrastructure related to the services provided by our Data Center and the “light” infrastructure used by employees to perform their daily duties. We monitor the condition of both types of infrastructure in accordance with the current guidelines and the requirements of our clients.

We as an organization are always ready to address new information security challenges from our clients. We believe that each new requirement provides an opportunity to further develop our security strategies and allows us to better prepare for market challenges.

Mirantis ISMS Documentation: Examples

The documentation for our Information Security Management System (ISMS) fulfills requirements set by international security standards. Below are some excerpts from our ISMS documentation:

Information Security Policy

The Company has implemented an information security policy to define the directions of information security in the company and to indicate to our employees the general principles of information security. Detailed process descriptions can be found in internal documents such as process policies or work instructions.

Access Control Policy

We make every effort to ensure that access to systems and applications is granted in accordance with the best information security guidelines. Access management is documented and periodically analyzed, and the review is subject to periodic revision in terms of the suitability of the rights granted.

laptop-open-2x laptop-open-2x

Change Management

Mirantis people believe that a well-implemented change management process in terms of the product and infrastructure allows for accountability of work, analysis of the causes of problems in the processes, and proper information feedback within the organization and departments participating in the process. Change management is periodically analyzed and documented on an ongoing basis.

Acceptable Use Policy

Ensuring monitoring is a challenge for the security department, but we are convinced that without sensible and conscious employees it would be difficult to maintain an appropriate level of security. The policy is a set of guidelines for good and safe behavior for our employees when using the office infrastructure and cooperation with clients.

Business Continuity Policy

We pay special attention to business continuity, and we have developed our own ABC methodology which allows us to monitor the continuity of technological processes related to IT infrastructure on an ongoing basis. We have basic critical scenarios that we periodically test and document.

Incident Management and Tracking

Monitoring security incidents is one of our most complex processes. Our approach integrates incident management in several areas. We have teams that monitor the Internet 24 hours a day in search of problems that could apply to products, software or other topics related to our company. The method of reporting incidents is agreed with our clients on a case-by-case basis.

Supplier Management Policy

We carefully select companies cooperating with us in accordance with the expectations of our clients. Suppliers are assessed in accordance with the adopted methodology. If there are any risks related to the cooperation, they are discussed with the partner.

Mirantis has implemented a policy of cooperation with suppliers, which also introduces athird-party risk assessment process. Supplier risk assessment results are documented and periodically monitored as needed.

Request a Quote


Phone

Shane Moder

Federal Director, Mirantis

+1-435-513-0712


Tyler Wimber

Public Sector Business Specialist, Mirantis

(515) 401-2650