Iscriviti al feed

To help government agencies and regulated industries embrace cloud-native innovation at scale while enhancing their security posture, we are pleased to announce the publication of the Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) for Red Hat OpenShift 4. The guide is available for download at the Department of Defense (DoD) Cyber Exchange.

As containers continue to grow in adoption, the number of vulnerabilities and regulatory concerns has increased exponentially. According to Red Hat’s 2023 State of Kubernetes Security Report, 67% of respondents report they have had to slow down cloud-native adoption due to security concerns. However, the need for rigorous security measures and compliance controls doesn’t mean organizations need to place digital transformation efforts on hold.

Scaling innovation while focusing on security

Managing security is a continuous process. Red Hat OpenShift is designed to support how government agencies work in a digital world, enabling Kubernetes-based applications to be developed and deployed more quickly while prioritizing security posture and compliance measures. Red Hat OpenShift is a single application platform for building and scaling containerized applications or modernizing existing applications. Red Hat OpenShift helps you build security into your applications by shifting security to the left, automate policies that let you manage container deployment security, and protects cloud-native applications at runtime. Additionally, Red Hat OpenShift Platform Plus builds on the capabilities of Red Hat OpenShift with:

  • Red Hat Advanced Cluster Management for Kubernetes, which provides multicluster management, end-to-end visibility, and control of your Kubernetes clusters.
  • Red Hat Advanced Cluster Security for Kubernetes, which provides Kubernetes-native security with DevSecOps capabilities to protect the software supply chain, infrastructure, and workloads.
  • Red Hat Quay, a globally-distributed and scalable registry with advanced access control and security scanning.

Customers benefits

Using the critical security guidance, organizational approvals will be more attainable to get systems in production faster for security-conscious computing in a variety of regulated industries, from energy and banking to government and defense.

Key benefits include:

  • Customers can now deploy Red Hat OpenShift with greater assurance that it complies with STIG security guidelines. 
  • STIG for Red Hat OpenShift includes a number of controls that cover not just Red Hat OpenShift, but also the underlying Red Hat CoreOS, upon which the OpenShift node is built.
  • Administrators automatically assess compliance of both the Kubernetes resources of Red Hat OpenShift, as well as the nodes running the cluster. The latest Compliance Operator, expected to be available later this month, uses OpenSCAP, a NIST-certified tool, to scan clusters for compliance with a range of security policies. Administrators can also use the Compliance Operator to automatically remediate clusters to achieve compliance with the profile.

"Red Hat has long been a leader in security for enterprise open source solutions and continues to evolve to set new standards in securing cloud-native environments,” said Vincent Danen, vice president, Product Security, Red Hat. “With the publication of the DISA STIG for Red Hat OpenShift 4, agencies and organizations can build, deploy, and operate a wide range of applications across the hybrid cloud with the assurance that it is in compliance with STIG security guidelines."

Red Hat is committed to bringing the industry’s leading hybrid cloud application platform powered by Kubernetes to government agencies and regulated industries that want to embrace open hybrid cloud while meeting the stringent requirements of sensitive workloads. This announcement follows additional recent certifications and attestations, including the release of the first Ansible STIG, the announcement of Red Hat OpenShift on AWS prioritization for FedRAMP JAB, and an assessment of Red Hat OpenShift Service on AWS through the InfoSec Registered Assessors Program (IRAP)

Download today

Get started today with a modern, scalable approach to enhancing security for the entire application platform stack with the Red Hat OpenShift 4 DISA STIG.

 


Sull'autore

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies.


Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Read full bio

Ricerca per canale

automation icon

Automazione

Novità sull'automazione IT di tecnologie, team e ambienti

AI icon

Intelligenza artificiale

Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque

open hybrid cloud icon

Hybrid cloud open source

Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido

security icon

Sicurezza

Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti

edge icon

Edge computing

Aggiornamenti sulle piattaforme che semplificano l'operatività edge

Infrastructure icon

Infrastruttura

Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale

application development icon

Applicazioni

Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili

Original series icon

Serie originali

Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende