DEVOPSdigest

Chef announced the achievement of three significant security milestones, helping its government and enterprise customers ensure that they can achieve and maintain the secure infrastructure needed to accelerate their cloud strategies.

These include Secure Technical Implementation Guidelines (STIG) profiles for RHEL 7 and Windows Server 2016 in Chef InSpec, along with FIPS 140-2 compliance and Center for Internet Security (CIS) certification for AWS Foundations Benchmarks Level 1 and 2 in Chef Automate. Chef is the first CIS partner to achieve certification across AWS, Microsoft Azure and Google Cloud Platform, giving its customers maximum flexibility when choosing and securing cloud platforms.

Chef has worked closely with federal, government and enterprise organizations to automate the way they build and manage their infrastructure and enable compliance as code. The capacity to not only automate configuration but also ensure compliance and remediate vulnerabilities, is critical to automating infrastructure, particularly in highly-regulated industries.

Chef InSpec incorporates compliance processes into every stage of users’ development cycles, significantly mitigating these concerns. Chef and Chef InSpec enable continuous compliance by allowing customers to automatically resolve potential compliance issues without human intervention.

Cloud platforms offer easy-to-use resources for configuring access control, data storage and virtual networking, giving organizations the tools to scale their environments quickly. But with these new tools come new guidelines and best practices for securing them properly. STIG profiles let Chef customers determine whether their cloud implementations meet the requirements outlined within the benchmarks and provide actionable insights regarding where insecure configurations are found. New CIS benchmarks deliver prescriptive implementation criteria for each cloud provider, while FIPS compliance enables government organizations to take maximum advantage of InSpec compliance automation at scale.

“The security milestones announced today give our customers the tools and the confidence they need to accelerate their most critical cloud initiatives,” said John Snow, Senior Software Development Engineer and Federal Content Lead at Chef. “This work builds on our long history of close collaboration with government users and the organizations that support them, furthering our ongoing commitment to provide the most innovative and easy-to-use application delivery and compliance automation solutions available to organizations of all types.”