StackRox Kubernetes Security Platform Offers New Compliance Capabilities
February 27, 2019

StackRox introduced new compliance capabilities to the StackRox Kubernetes Security Platform, enabling organizations to verify and provide evidence for compliance with NIST SP 800-190, PCI DSS 3.2 and HIPAA standards.

The StackRox Kubernetes Security Platform enables companies to automatically and instantly check for compliance, identify gaps or non-compliance with controls, obtain clear and detailed remediation information, and provide evidence of compliance ahead of audits. Pre-built reports and drill-down capabilities provide the flexibility to meet the various requirements of audit, compliance and security teams.

The StackRox platform provides a consistent set of features across each compliance standard:

- Dashboard — delivers an at-a-glance view of overall compliance showing violations of the relevant standard’s controls

- Reports — offers tailored PDF reports that can be exported to provide an overview of the organization’s adherence to a given standard or specification

- Evidence — provides the ability to export CSV files that auditors can use to document each specific control described in a standard

- Customizable Environment Views — enables users the flexibility to review compliance details at the cluster, node or namespace level

- Data Drill Down — delivers the capability to explore detailed information on areas of non-compliance with specific controls

The StackRox Kubernetes Security Platform includes an augmented compliance framework that provides automated checks and ongoing monitoring of controls, configurations and policies for:

- National Institute of Standards and Technology (NIST) SP 800-190 – StackRox is the only container security solution that has received investment and support from In-Q-Tel.

- Payment Card Industry Data Security Standard (PCI DSS) 3.2 – StackRox has also published PCI Compliance in Container Environments: A Definitive Guide.

- Health Insurance Portability and Accountability Act (HIPAA) – StackRox helps entities demonstrate compliance with HIPAA, including data segregation.

The StackRox Kubernetes Security Platform simplifies the compliance process with a series of continuous and on-demand checks. The additional capabilities for NIST, PCI, and HIPAA augment existing support for Center for Internet Security (CIS) benchmarks for containers and Kubernetes. The platform provides the greatest breadth of automated checks and enforcement capabilities via native infrastructure for the strongest container and Kubernetes compliance controls on the market.

“Integration with Kubernetes is critical to delivering such a powerful and efficient compliance solution,” said Wei Lien Dang, StackRox VP of Product. “The StackRox approach is embedded directly in the infrastructure and integrated with Kubernetes-specific configurations, which means security and DevOps speak the same language and share a common view of the compliance controls in their environments.”

These new compliance capabilities are available in the current release of the StackRox Kubernetes Security Platform.

Share this

Industry News

January 16, 2020

VAST Data announced the general availability of its new Container Storage Interface (CSI).

January 16, 2020

Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment.

January 16, 2020

WhiteHat Security will offer free application scanning services to federal, state and municipal agencies in North America.

January 15, 2020

Micro Focus announced the release of Micro Focus AD Bridge 2.0, offering IT administrators the ability to extend Active Directory (AD) controls from on-premises resources, including Windows and Linux devices to the cloud - a solution not previously offered in the marketplace.

January 15, 2020

SaltStack announced the availability of three new open-source innovation modules: Heist, Umbra, and Idem.

January 15, 2020

ShiftLeft announced a partnership and deep integration with CircleCI that enables organizations to insert security directly into developer pull requests from code repositories.

January 14, 2020

Containous closed $10 million in Series A funding.

January 13, 2020

JFrog announced the launch of the free ConanCenter, enabling better search and discovery while streamlining C/C++ package management.

January 13, 2020

Perfect Sense launched Gyro - a cloud management tool that mitigates the risks associated with manually provisioning and managing infrastructure, lack of standards in configurations, and unpredictable results from changes to cloud infrastructure.

January 13, 2020

Synopsys has completed the acquisition of Tinfoil Security, a provider of dynamic application security testing (DAST) and Application Program Interface (API) security testing solutions.

January 09, 2020

IT Revolution, the industry leader for advancing DevOps, opened its call for presentations for both DevOps Enterprise Summit 2020 events in London and Las Vegas.

January 08, 2020

Anchore announced the immediate availability of Anchore Enterprise 2.2.

January 08, 2020

TigerGraph announced new functionality and performance for TigerGraph Cloud.

January 07, 2020

Compuware Corporation announced a CloudBees Technical Alliance Partner Program (TAPP) Premier Partnership and new advancements to Topaz that together enable organizations to quickly achieve low-risk, low-cost mainframe modernization by fully leveraging their existing mainframe resources.

January 07, 2020

Allegro A officially welcomes Allegro Trains Agent to the Allegro Trains ecosystem.