To help government agencies and regulated industries embrace cloud-native innovation at scale while enhancing their security posture, we are pleased to announce the publication of the Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) for Red Hat OpenShift 4. The guide is available for download at the Department of Defense (DoD) Cyber Exchange.
As containers continue to grow in adoption, the number of vulnerabilities and regulatory concerns has increased exponentially. According to Red Hat’s 2023 State of Kubernetes Security Report, 67% of respondents report they have had to slow down cloud-native adoption due to security concerns. However, the need for rigorous security measures and compliance controls doesn’t mean organizations need to place digital transformation efforts on hold.
Scaling innovation while focusing on security
Managing security is a continuous process. Red Hat OpenShift is designed to support how government agencies work in a digital world, enabling Kubernetes-based applications to be developed and deployed more quickly while prioritizing security posture and compliance measures. Red Hat OpenShift is a single application platform for building and scaling containerized applications or modernizing existing applications. Red Hat OpenShift helps you build security into your applications by shifting security to the left, automate policies that let you manage container deployment security, and protects cloud-native applications at runtime. Additionally, Red Hat OpenShift Platform Plus builds on the capabilities of Red Hat OpenShift with:
- Red Hat Advanced Cluster Management for Kubernetes, which provides multicluster management, end-to-end visibility, and control of your Kubernetes clusters.
- Red Hat Advanced Cluster Security for Kubernetes, which provides Kubernetes-native security with DevSecOps capabilities to protect the software supply chain, infrastructure, and workloads.
- Red Hat Quay, a globally-distributed and scalable registry with advanced access control and security scanning.
Customers benefits
Using the critical security guidance, organizational approvals will be more attainable to get systems in production faster for security-conscious computing in a variety of regulated industries, from energy and banking to government and defense.
Key benefits include:
- Customers can now deploy Red Hat OpenShift with greater assurance that it complies with STIG security guidelines.
- STIG for Red Hat OpenShift includes a number of controls that cover not just Red Hat OpenShift, but also the underlying Red Hat CoreOS, upon which the OpenShift node is built.
- Administrators automatically assess compliance of both the Kubernetes resources of Red Hat OpenShift, as well as the nodes running the cluster. The latest Compliance Operator, expected to be available later this month, uses OpenSCAP, a NIST-certified tool, to scan clusters for compliance with a range of security policies. Administrators can also use the Compliance Operator to automatically remediate clusters to achieve compliance with the profile.
"Red Hat has long been a leader in security for enterprise open source solutions and continues to evolve to set new standards in securing cloud-native environments,” said Vincent Danen, vice president, Product Security, Red Hat. “With the publication of the DISA STIG for Red Hat OpenShift 4, agencies and organizations can build, deploy, and operate a wide range of applications across the hybrid cloud with the assurance that it is in compliance with STIG security guidelines."
Red Hat is committed to bringing the industry’s leading hybrid cloud application platform powered by Kubernetes to government agencies and regulated industries that want to embrace open hybrid cloud while meeting the stringent requirements of sensitive workloads. This announcement follows additional recent certifications and attestations, including the release of the first Ansible STIG, the announcement of Red Hat OpenShift on AWS prioritization for FedRAMP JAB, and an assessment of Red Hat OpenShift Service on AWS through the InfoSec Registered Assessors Program (IRAP).
Download today
Get started today with a modern, scalable approach to enhancing security for the entire application platform stack with the Red Hat OpenShift 4 DISA STIG.
About the author
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies.
Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
More like this
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit