Virtualization Technology News and Information
StackRox Enhances Compliance Capabilities of its Kubernetes Security Platform to Support NIST, PCI DSS, and HIPAA
StackRox, the leader in security for containers and Kubernetes, has introduced new compliance capabilities to the StackRox Kubernetes Security Platform, enabling organizations to verify and provide evidence for compliance with NIST SP 800-190, PCI DSS 3.2, and HIPAA standards.

The StackRox Kubernetes Security Platform enables companies to automatically and instantly check for compliance, identify gaps or non-compliance with controls, obtain clear and detailed remediation information, and provide evidence of compliance ahead of audits. Pre-built reports and drill-down capabilities provide the flexibility to meet the various requirements of audit, compliance, and security teams.

"Containers have enabled a new level of productivity and compliance," said Chris Mutzel, chief architect at Stratus Medicine, an organization that helps health systems to integrate third-party software vendors who require access to sensitive health system data. "In our sensitive and risk-adverse industry, we have to maintain highly secure and resilient infrastructure, but we also want to allow innovation using cloud-native technologies. Container environments allow us to more quickly deploy apps that back patient care and administrative efficiency while increasing security and compliance at the same time. StackRox gives us the ability to demonstrate our adherence to HIPAA at all times, helping us avoid audit-induced anxieties. The platform also provides peace of mind to our partner institutions that they can onboard new vendors without introducing security vulnerabilities."

The StackRox platform provides a consistent set of features across each compliance standard:

  • Dashboard - delivers an at-a-glance view of overall compliance showing violations of the relevant standard's controls
  • Reports - offers tailored PDF reports that can be exported to provide an overview of the organization's adherence to a given standard or specification
  • Evidence - provides the ability to export CSV files that auditors can use to document each specific control described in a standard
  • Customizable Environment Views - enables users the flexibility to review compliance details at the cluster, node, or namespace level
  • Data Drill Down - delivers the capability to explore detailed information on areas of non-compliance with specific controls

The StackRox Kubernetes Security Platform includes an augmented compliance framework that provides automated checks and ongoing monitoring of controls, configurations, and policies for:

"It's a challenge to ensure that container and Kubernetes deployments comply with key security specifications because the environments are vast and the knowledge base isn't there yet among many DevOps and security teams," said Mark Bouchard, Vice President of Research and COO, CyberEdge Group. "As organizations subject to industry regulations continue to adopt Kubernetes, they need solutions that help them both improve their security posture and simplify the work associated with passing audits and demonstrating compliance."

The StackRox Kubernetes Security Platform simplifies the compliance process with a series of continuous and on-demand checks. The additional capabilities for NIST, PCI, and HIPAA augment existing support for Center for Internet Security (CIS) benchmarks for containers and Kubernetes. The platform provides the greatest breadth of automated checks and enforcement capabilities via native infrastructure for the strongest container and Kubernetes compliance controls on the market.

"Integration with Kubernetes is critical to delivering such a powerful and efficient compliance solution," said Wei Lien Dang, StackRox Vice President of Product. "The StackRox approach is embedded directly in the infrastructure and integrated with Kubernetes-specific configurations, which means security and DevOps speak the same language and share a common view of the compliance controls in their environments."

These new compliance capabilities are available in the current release of the StackRox Kubernetes Security Platform.

Published Wednesday, February 27, 2019 7:27 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2019>