StackRox Enhances Compliance Capabilities of Its Kubernetes Security Platform to Support NIST, PCI DSS and HIPAA
StackRox , the leader in security for containers and Kubernetes, has introduced new compliance capabilities to the StackRox Kubernetes Security Platform , enabling organizations to verify and provide evidence for compliance with NIST SP 800-190, PCI DSS 3.2 and HIPAA standards.
StackRox,
the leader in security for containers and Kubernetes, has introduced new
compliance capabilities to the StackRox
Kubernetes Security Platform, enabling organizations to verify and
provide evidence for compliance with NIST SP 800-190, PCI DSS 3.2 and
HIPAA standards.
The StackRox Kubernetes Security Platform enables companies to
automatically and instantly check for compliance, identify gaps or
non-compliance with controls, obtain clear and detailed remediation
information, and provide evidence of compliance ahead of audits.
Pre-built reports and drill-down capabilities provide the flexibility to
meet the various requirements of audit, compliance and security teams.
“Containers have enabled a new level of productivity and compliance,”
said Chris Mutzel, chief architect at Stratus Medicine, an organization
that helps health systems to integrate third-party software vendors who
require access to sensitive health system data. “In our sensitive and
risk-adverse industry, we have to maintain highly secure and resilient
infrastructure, but we also want to allow innovation using cloud-native
technologies. Container environments allow us to more quickly deploy
apps that back patient care and administrative efficiency while
increasing security and compliance at the same time. StackRox gives us
the ability to demonstrate our adherence to HIPAA at all times, helping
us avoid audit-induced anxieties. The platform also provides peace of
mind to our partner institutions that they can onboard new vendors
without introducing security vulnerabilities.”
The StackRox platform provides a consistent set of features across each
compliance standard:
-
Dashboard — delivers an at-a-glance view of overall compliance showing
violations of the relevant standard’s controls -
Reports — offers tailored PDF reports that can be exported to provide
an overview of the organization’s adherence to a given standard or
specification -
Evidence — provides the ability to export CSV files that auditors can
use to document each specific control described in a standard -
Customizable Environment Views — enables users the flexibility to
review compliance details at the cluster, node or namespace level -
Data Drill Down — delivers the capability to explore detailed
information on areas of non-compliance with specific controls
The StackRox Kubernetes Security Platform includes an augmented
compliance framework that provides automated checks and ongoing
monitoring of controls, configurations and policies for:
-
National Institute of Standards and Technology (NIST) SP 800-190 –
StackRox is the only container security solution that has received investment
and support from In-Q-Tel. -
Payment Card Industry Data Security Standard (PCI DSS) 3.2 – StackRox
has also published PCI
Compliance in Container Environments: A Definitive Guide. -
Health Insurance Portability and Accountability Act (HIPAA) – StackRox
helps entities demonstrate compliance with HIPAA, including data
segregation.
“It’s a challenge to ensure that container and Kubernetes deployments
comply with key security specifications because the environments are
vast and the knowledge base isn’t there yet among many DevOps and
security teams,” said Mark Bouchard, Vice President of Research and COO,
CyberEdge Group. “As organizations subject to industry regulations
continue to adopt Kubernetes, they need solutions that help them both
improve their security posture and simplify the work associated with
passing audits and demonstrating compliance.”
The StackRox Kubernetes Security Platform simplifies the compliance
process with a series of continuous and on-demand checks. The additional
capabilities for NIST, PCI, and HIPAA augment existing support for
Center for Internet Security (CIS) benchmarks for containers and
Kubernetes. The platform provides the greatest breadth of automated
checks and enforcement capabilities via native infrastructure for the
strongest container and Kubernetes compliance controls on the market.
“Integration with Kubernetes is critical to delivering such a powerful
and efficient compliance solution,” said Wei Lien Dang, StackRox Vice
President of Product. “The StackRox approach is embedded directly in the
infrastructure and integrated with Kubernetes-specific configurations,
which means security and DevOps speak the same language and share a
common view of the compliance controls in their environments.”
These new compliance capabilities are available in the current release
of the StackRox Kubernetes Security Platform.
About StackRox
StackRox helps enterprises secure their
Kubernetes environments at scale. The StackRox Kubernetes Security
Platform enables security and DevOps teams to enforce their compliance
and security policies across the entire container life cycle, from build
to deploy to runtime. StackRox integrates with existing DevOps and
security tools, enabling teams to quickly operationalize container and
Kubernetes security. StackRox customers span cloud-native startups,
Global 2000 enterprises, and government agencies. StackRox is privately
held and headquartered in Mountain View, California. To learn more,
visit www.stackrox.com
and follow us on Facebook,
LinkedIn
and Twitter.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190227005163/en/