* add us and update compliance
* Add videos links
* minor updates
* update video links
* further compliance updates
* fix linting issues
* fix vale feedback
* fix more vale feedback
* vale feedback
* bump vale
* fix vale feedback
---------
Co-authored-by: [email protected] <[email protected]>
Commit 21213f7 (1 parent: 32c177c)
Showing 19 changed files with 401 additions and 20 deletions.
@@ -0,0 +1,11 @@ | ||
# Backup Strategy | ||
|
||
The **3-2-1-1-0 Backup Rule** is a modern extension of the traditional backup strategy designed to ensure data protection and recovery. Here's what it stands for: | ||
|
||
- **3 Copies of Your Data**: Keep three copies of your data: the primary data and two backups. This ensures redundancy. | ||
- **2 Different Storage Types**: Store backups on at least two different types of media (e.g., disk and tape, or local and cloud) to avoid single points of failure. | ||
- **1 Offsite Backup**: Keep one backup copy offsite, such as in a remote data center or a cloud service, to protect against local disasters. | ||
- **1 Immutable Backup**: Have at least one backup that is immutable or air-gapped, ensuring it cannot be modified or deleted (e.g., WORM storage or offline backups). | ||
- **0 Errors After Backup Verification**: Regularly verify and test backups to ensure they are error-free and can be restored when needed. | ||
|
||
This rule provides a comprehensive approach to safeguarding against data loss due to hardware failure, natural disasters, cyberattacks, or human error. |
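Review bot: The new Backup Strategy page explains the generic 3-2-1-1-0 rule but never says which of the five elements the platform provides and which remain the organization's responsibility; the other pages added in this commit split their claims into "Fully/Directly Applicable" and "Partially Applicable", and this page should follow the same pattern (for example, stating whether the offsite and immutable copies are delivered by the platform or must be configured by the tenant). Also, the "1 Immutable Backup" bullet treats "immutable or air-gapped" as interchangeable; an offline copy can still be overwritten once it is reconnected, so consider wording it as "immutable (WORM) or, failing that, air-gapped", and the "0 Errors" bullet should say what verification consists of (a scheduled restore test, not only a checksum or a successful job status).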
@@ -0,0 +1,35 @@ | ||
# CIS Benchmarks | ||
|
||
!!! danger "Disclaimer" | ||
|
||
It is important to note that the information provided in this document is for general informational purposes only. Any liability for the completeness, accuracy, timeliness, or reliability of the content is expressly excluded. Organizations are advised to consult with legal, compliance, or technical experts to ensure that their specific compliance and security needs are adequately addressed. | ||
|
||
The CIS Kubernetes Benchmark provides over **120 recommendations** for securing Kubernetes environments, addressing critical areas such as access control, data protection, and cluster configuration. SAAP plays a pivotal role in enabling compliance with these recommendations by leveraging Kubernetes features and advanced security configurations. | ||
|
||
- **Total Recommendations in CIS Kubernetes Benchmark**: 120+ | ||
- **Key Areas Covered**: Control Plane Security, Worker Node Security, Network Security, Data Protection, and Pod Security. | ||
|
||
## Recommendations Addressed by SAAP | ||
|
||
- **Fully Applicable Recommendations**: SAAP enables compliance with 70–80 recommendations through Kubernetes-native features and configurations. Key examples include: | ||
|
||
- **Control Plane Security**: | ||
- Enforcing Role-Based Access Control (RBAC) to restrict unauthorized access. | ||
- Securing API server communication with TLS encryption. | ||
- **Node Security**: | ||
- Disabling anonymous Kubelet access (--anonymous-auth=false). | ||
- Restricting workload communications with NetworkPolicies. | ||
- **Data Protection**: | ||
- Encrypting Secrets in etcd using Kubernetes encryption providers. | ||
- **Pod Security Standards (PSS)**: | ||
- Ensuring workloads run with non-root users and minimal privileges. | ||
|
||
- **Partially Applicable Recommendations**: SAAP supports an additional 30–40 recommendations through configurable features and organization-specific configurations. For example: | ||
|
||
- **Audit Logging**: SAAP enables centralized logging and monitoring but requires the organization to actively review and act on the logs. | ||
- **Runtime Security**: Provides mechanisms to monitor workloads but relies on organization-defined actions for runtime behavior validation. | ||
- **Container Image Security**: Enforces trusted container image policies but depends on organizational processes to ensure compliance with image signing and verification standards. | ||
|
||
SAAP directly or partially addresses over **100 recommendations** from the CIS Kubernetes Benchmark, making it a comprehensive solution for securing Kubernetes workloads. By focusing on technical enforcement, automation, and integration, SAAP simplifies the path to compliance, reducing the operational burden for organizations. | ||
|
||
This robust support makes SAAP an essential platform for adopting and maintaining secure Kubernetes environments, ensuring alignment with CIS best practices while enabling scalability, operational efficiency, and enhanced security. |
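Review bot: The coverage figures ("70–80", "30–40", "over 100") are unsourced and no CIS Kubernetes Benchmark version is named, so a reader cannot check them against the benchmark; please cite the benchmark version and list the recommendation IDs behind each bullet so the counts are auditable. Two smaller points: `--anonymous-auth=false` on the Node Security line should be in inline code backticks, and "SAAP" is expanded as "Stakater App Agility Platform" in the HIPAA page but not here, so expand it at first use in each page. Finally, "Encrypting Secrets in etcd using Kubernetes encryption providers" is listed as fully applicable without saying which provider is configured (the `identity` provider leaves Secrets in plaintext, so the choice of `aescbc`, `aesgcm`, `secretbox` or `kms` is the substance of the control); state the provider.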
@@ -0,0 +1,22 @@ | ||
# DORA | ||
|
||
!!! danger "Disclaimer" | ||
|
||
It is important to note that the information provided in this document is for general informational purposes only. Any liability for the completeness, accuracy, timeliness, or reliability of the content is expressly excluded. Organizations are advised to consult with legal, compliance, or technical experts to ensure that their specific compliance and security needs are adequately addressed. | ||
|
||
DORA (Digital Operational Resilience Act) is a European Union regulation designed to ensure the resilience of financial entities against operational disruptions and cyber threats. SAAP plays a critical role in enabling compliance with DORA by leveraging Kubernetes features and configurations to address its requirements. | ||
|
||
- **Total Articles in DORA**: 5 | ||
- **Key Provisions in DORA**: Multiple detailed requirements across areas such as ICT risk management, incident response, and third-party risk management. | ||
|
||
## Provisions Addressed by SAAP | ||
|
||
SAAP facilitates the implementation of critical provisions enforceable through Kubernetes configurations and features. These include: | ||
|
||
- **ICT Risk Management Framework**: Leveraging Kubernetes features such as Pod Security Standards (PSS), Role-Based Access Control (RBAC), and audit logging to establish a robust ICT risk management framework. | ||
- **Incident Response and Recovery**: Providing monitoring, logging, and disaster recovery capabilities using Kubernetes-native and compatible solutions for observability and backup. | ||
- **Operational Resilience Testing**: Supporting resilience testing through tools and practices that align with chaos engineering principles and load testing methodologies. | ||
- **Third-Party Risk Management**: Enforcing network isolation with Kubernetes NetworkPolicies and validating compliance through policy enforcement mechanisms. | ||
- **Information Sharing**: Enabling secure data exchange via encryption, secure storage practices, and secrets management within Kubernetes. | ||
|
||
SAAP addresses a substantial number of DORA provisions, empowering financial entities to align their Kubernetes-based workloads with regulatory requirements. By focusing on technical measures and leveraging Kubernetes capabilities, SAAP simplifies the path to operational resilience and compliance. |
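Review bot: "Total Articles in DORA: 5" is incorrect: the five items correspond to the five requirement areas listed under "Provisions Addressed by SAAP" (ICT risk management, incident response and recovery, resilience testing, third-party risk, information sharing), which are usually called DORA's pillars, while the regulation itself (Regulation (EU) 2022/2554) has 64 articles. Rename the bullet to "Key Pillars in DORA: 5" and, where a bullet claims coverage, cite the chapter or article (for example, the ICT risk management framework is Chapter II) so the mapping is verifiable. The "Third-Party Risk Management" bullet also needs tightening: NetworkPolicies isolate workloads, but DORA's third-party provisions concern contractual and oversight obligations toward ICT service providers, which no cluster configuration can satisfy on its own, so mark it as partially applicable in the same way the CIS page does for comparable items.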
@@ -0,0 +1,33 @@ | ||
# HIPAA | ||
|
||
!!! danger "Disclaimer" | ||
|
||
It is important to note that the information provided in this document is for general informational purposes only. Any liability for the completeness, accuracy, timeliness, or reliability of the content is expressly excluded. Organizations are advised to consult with legal, compliance, or technical experts to ensure that their specific compliance and security needs are adequately addressed. | ||
|
||
HIPAA (Health Insurance Portability and Accountability Act) establishes safeguards for the protection of electronic Protected Health Information (ePHI). SAAP (Stakater App Agility Platform) enables technical compliance with HIPAA’s Security Rule by leveraging Kubernetes features and integrations to enforce technical safeguards. | ||
|
||
- **Total Safeguards in HIPAA Security Rule**: 3 (Administrative, Physical, Technical) | ||
- **Technical Safeguard Provisions Addressed by SAAP**: 5 | ||
|
||
## Safeguards Addressed by SAAP | ||
|
||
- **Directly Applicable Safeguards**: SAAP enables the direct implementation of safeguards for secure Kubernetes-based workloads. These include: | ||
|
||
- **Access Control (164.312(a)(1))**: Managing access through role-based policies and workload isolation. | ||
- **Audit Controls (164.312(b))**: Recording and monitoring access through centralized logging and immutable storage. | ||
- **Transmission Security (164.312(e)(1))**: Protecting data during transmission using encryption and communication isolation. | ||
|
||
- **Partially Applicable Safeguards**: Some safeguards are partially addressed, requiring additional integrations or organizational policies: | ||
|
||
- **Integrity (164.312(c)(1))**: Validating workloads and enabling backup solutions for critical data. | ||
- **Person or Entity Authentication (164.312(d))**: Strengthening access verification through layered authentication and granular permissions. | ||
|
||
SAAP directly addresses key technical safeguards within the HIPAA Security Rule by leveraging Kubernetes’ native features and best practices. It enables healthcare organizations to secure their Kubernetes-based workloads, simplify compliance efforts, and protect sensitive ePHI data. While SAAP primarily focuses on technical safeguards, compliance with administrative and physical safeguards requires broader organizational policies and processes. | ||
|
||
By integrating SAAP’s capabilities into their infrastructure, organizations can: | ||
|
||
- Implement strong access control mechanisms to protect sensitive information. | ||
- Facilitate monitoring and auditing of system activities to ensure compliance. | ||
- Protect the integrity and confidentiality of ePHI both at rest and in transit. | ||
|
||
SAAP enables organizations to align with HIPAA regulations while streamlining the management of modern cloud-native environments. |
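Review bot: The "Audit Controls (164.312(b))" bullet claims logs are kept in "immutable storage", but nothing on the page says what provides that, and the Backup Strategy page added in this commit describes the immutable-copy concept only in the abstract; either name the mechanism or drop "immutable". The regulatory citations should be written in full at first use ("45 CFR § 164.312(a)(1)") so readers can locate them. The "Integrity (164.312(c)(1))" bullet lists backup solutions as the control, whereas that standard is about protecting ePHI from improper alteration or destruction (data backup and contingency planning sit in the administrative safeguards at 164.308), so the integrity claim should point to controls such as image or manifest validation and audited change tracking rather than to backups.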