Achieving DISA STIG Certification for MKE: Challenges, Successes & Best Practices for Compliant Public Sector Solutions
In this month's episode, John Jainschigg, Director of Open Source Initiatives at Mirantis, hosts Kathleen Moyer, Director of Service Delivery at Corsec Security, and William Konitzer, Senior Solution Architect at Mirantis, to explore the recently achieved DISA STIG certification for Mirantis Kubernetes Engine (MKE). Together, they dive into the intricate certification process that enables public sector and enterprise users to deploy secure, compliant applications using MKE.
Listeners will gain insights into the collaborative effort between Mirantis and Corsec Security, where Kathleen shares her 25 years of expertise in security certifications, detailing how Corsec facilitated the process with government agencies like DISA and the DoD. William provides a behind-the-scenes look at the technical challenges and solutions that ensured MKE met stringent Department of Defense (DoD) security standards without compromising usability or performance. Furthermore, he highlights some of the team's learnings in the context of how it changed the thought process of Mirantis' engineering teams when it came to security.
Achieved in early 2024, this milestone positions MKE as a powerful tool for public sector organizations and industries with specific security and compliance needs. Whether you’re navigating public sector compliance requirements or interested in secure cloud native solutions, this episode offers practical advice and unique perspectives on implementing and managing a STIG-compliant Kubernetes platform.
A full list of this episode's topics includes:
- Corsec Security's role in the MKE DISA STIG process
- Common challenges organizations face in the STIG process
- How Corsec handles security testing to ensure compliance
- STIG vs. FedRAMP in terms of requirements
- How Corsec handles product updates re: the STIG
- Advice for companies getting started with STIG certification
- Role of documentation in STIG process
- Challenges in MKE STIG process
- Why Mirantis did a STIG for MKE
- Specific security features of MKE that affected DISA STIG approval
- Mirantis and Corsec collaboration
- MKE for the Public Sector
- Timelines for achieving STIG certification
- Mitigating evolving vulnerabilities
- How the STIG process for MKE impacted Mirantis engineering
If you want to listen to more episodes of Radio Cloud Native, please visit https://www.mirantis.com/radiocloudnative/ to download, or find them wherever you prefer to consume your podcasts.
If you are interested in contributing to Radio Cloud Native, please reach out to our podcast team: podcasts@mirantis.com
Chapters
1. Intro (00:00:00)
2. What was Corsec Security's role in the MKE DISA STIG process? (00:01:03)
3. What are common challenges organizations face in the STIG process? (00:02:23)
4. How does Corsec help with security testing to ensure compliance? (00:07:37)
5. What makes STIG requirements unique vs. FedRAMP? (00:09:14)
6. How does Corsec handle product updates re: the STIG? (00:12:43)
7. What advice would you give to companies starting out with STIG? (00:13:50)
8. Role of documentation in STIG process (00:16:46)
9. Challenges in MKE STIG process (00:20:27)
10. Why did Mirantis do a STIG for MKE? (00:23:09)
11. Specific security features of MKE that affected DISA STIG approval (00:24:46)
12. How did Mirantis and Corsec collaborate to achieve STIG certification? (00:26:31)
13. How can MKE be used in the Public Sector? (00:27:20)
14. What are typical timelines for achieving STIG certification? (00:30:19)
15. How to mitigate evolving vulnerabilities (00:31:14)
16. How has the STIG process for MKE impacted Mirantis engineering? (00:32:21)
17. Outro (00:34:33)