Fugue Compliance Suite Released
October 22, 2018

Fugue announced the availability of the Fugue Compliance Suite to make it easier for enterprises to validate cloud infrastructure against security and compliance policy to prevent data breaches.

Included in the Fugue 1.8 product release, the Compliance Suite contains pre-built validations expressed in policy-as-code libraries that are mapped to AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, and HIPAA.

“As enterprise cloud adoption increases, so have data breaches and other security and compliance incidents due to cloud misconfiguration exposure,” said Phillip Merrick, CEO of Fugue. “Because of this, cloud security and compliance are now top enterprise priorities, but it’s important that solutions don’t slow the pace of innovation. The Fugue Compliance Suite is designed to help cloud teams move fast and at scale to ensure that compliance policy is continuously enforced at every stage.”

Cloud infrastructure and security teams can use the Fugue Compliance Suite to automatically identify compliance violations. This allows teams to easily establish known-good infrastructure baselines that can be replicated, shared, scaled, and continuously enforced. Automated policy checks can be integrated into CI/CD pipelines to support DevOps speed and agility while preventing resources that violate compliance standards from being provisioned. For running infrastructure, Fugue automatically identifies unauthorized changes and reverts them back to a known-good baseline. This eliminates critical vulnerabilities the moment they occur.

The Fugue Compliance Suite includes pre-built, policy-as-code libraries for the following compliance regimes:

- NIST 800-53 Rev. 4 (National Institute of Standards and Technology). A catalog of security controls developed by NIST that are used to protect federal government information systems.

- AWS CIS Benchmarks (Center for Internet Security). Consensus-based industry best practices to help organizations assess and improve their security.

- HIPAA (Health Insurance Portability and Accountability Act). Law requiring all HIPAA-covered businesses to prevent unauthorized access to Protected Health Information (PHI).

- GDPR (General Data Protection Regulation). Controls to enforce the European Union regulation for protecting the personal data and privacy of individuals within the EU and European Economic Area (EEA).

Share this

Industry News

November 21, 2019

PASS, the global community of data professionals, has become one of the first major users of a new solution from Redgate that automatically discovers and classifies sensitive data in SQL Server.

November 21, 2019

OutSystems has embedded AI and machine learning in its software to make building applications even easier and faster for everyone.

November 21, 2019

Fugue announced Fugue Developer, a free tier that puts engineers in command of cloud security through the entire software development lifecycle (SDLC).

November 20, 2019

JFrog announced the launch of JFrog Container Registry - powered by JFrog Artifactory - as an advanced Docker container registry.

November 20, 2019

CloudBees introduced a graphical user interface (GUI) for Jenkins X.

November 20, 2019

Portworx announced an update to Portworx Enterprise, its container-native storage platform, to enable companies to run, scale, backup, and recover mission-critical applications on Kubernetes: PX-Backup and PX-Autopilot for Capacity Management.

November 19, 2019

Parasoft announced complete support for the newly updated 2019 Common Weakness Enumeration (CWE) Top 25 and "On the Cusp" (an additional 15 weaknesses) for C, C++, Java, and .NET languages.

November 19, 2019

Red Hat announced the release of Red Hat CodeReady Workspaces 2, a cloud-native development workflow for developers.

November 19, 2019

Postman has introduced Postman Visualizer, a two-fold feature that offers benefits for both API consumers and API developers.

November 18, 2019

Hewlett Packard Enterprise (HPE) announced the HPE Container Platform, an enterprise-grade Kubernetes-based container platform designed for both cloud-native applications and monolithic applications with persistent storage.

November 18, 2019

Lacework announced its integration with Datadog, a monitoring and analytics platform.

November 18, 2019

Codefresh is introducing a live CI/CD debugging tool.

November 14, 2019

Raytheon Company is collaborating with Red Hat to develop a new, security-focused software development solution, known as DevSecOps, for enterprise environments.

November 14, 2019

Fugue has open sourced the Fugue Rego Toolkit (Fregot) to enhance the experience working with the Rego policy language.

November 14, 2019

Sysdig announced Sysdig Secure 3.0 to provide enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP).