StackRox Selected as Accredited Kubernetes-Native Security Platform for U.S. Department of Defense Iron Bank

13 October 2020, by Marc Jacob

StackRox announced that the StackRox Kubernetes Security Platform has received accreditation from Iron Bank (formerly known as Department of Defense Centralized Artifacts Repository (DCAR)) as part of the DoD’s Enterprise DevSecOps Initiative. The DoD is implementing the Enterprise DevSecOps Initiative to enable agencies to develop applications more rapidly and in a more secure manner to increase the warfighter’s competitive advantage. The StackRox Kubernetes Security Platform has been certified for compliance with the DoD Enterprise DevSecOps Container Hardening guide and accredited for use by the DoD to enable automated testing and container security.

As part of the DoD’s Enterprise DevSecOps Initiative, Iron Bank was developed to offer agencies access to a wide range of hardened and centrally accredited containers with pre-selected, certified, and secured best-of-breed development tools and software capabilities. A critical element of this accreditation is the ability to ensure security activities occur in all phases of the DevSecOps application lifecycle and facilitate automated risk characterization, monitoring and mitigation. StackRox is among the first vendors included in the DoD’s DevSecOps product stack and provides a Kubernetes-native security and compliance platform that protects applications across build, deploy and runtime phases.

The StackRox Kubernetes Security Platform is also listed on the Approved Product List for the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) Program. The company has helped a number of agencies accelerate modernization efforts by supporting the adoption of cloud-native infrastructure and applications in the Federal Government with its Kubernetes-native security and compliance capabilities, including:

Visibility: Providing comprehensive visibility into container and Kubernetes deployments.

Vulnerability Management: Integrating with CI/CD pipelines to protect containers from vulnerabilities throughout their life cycle.

Compliance: Enabling continuous compliance checks and reporting for controls defined in CIS Benchmarks for Docker and Kubernetes, NIST SP 800-190, PCI DSS, and HIPAA.

Network Segmentation: Implementing firewalling and segmentation policies by providing visibility, simulation, recommendations, and enforcement via Kubernetes network policies.

Risk Profiling: Profiling overall risk across workloads by correlating and analyzing various attributes and prioritizing the riskiest deployments that need remediation.

Configuration Management: Automating ongoing checks across environments to protect against misconfigurations in containers and Kubernetes, such as exposed dashboards or metadata.

Threat Detection: Combining rules, whitelists, baselines, and behavioral modeling to identify threats at runtime in container environments.

Incident Response: Automating the application of learning from incident responses to continuously improve the security posture of environments.