https://www.aquasec.com/tag/cloud-compliance/ Cloud Native Security, Container Security & Serverless Security Thu, 11 Jul 2024 14:52:46 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.aquasec.com/blog/compliance-to-implementation-exploring-dora-and-nis-2-frameworks/ Wed, 10 Jul 2024 15:01:49 +0000 https://www.aquasec.com/?p=20860 The importance of cybersecurity and operational resilience in the financial sector has never been more pronounced. The European Union (EU) has been at the forefront of addressing these critical issues, enacting comprehensive legislations to safeguard the digital infrastructure and ensure the continuity of financial services. Two pivotal pieces of legislation in this domain are the …]]> https://www.aquasec.com/blog/trivy-kubernetes-cis-benchmark-scanning/ Wed, 19 Apr 2023 09:59:00 +0000 https://www.aquasec.com/?p=14431 CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security was one of the first projects to provide Kubernetes CIS compliance scanning and became a staple in K8s security. …]]> https://www.aquasec.com/blog/white-house-shifts-cybersecurity-strategy-to-drive-resilience/ Fri, 03 Mar 2023 17:00:41 +0000 https://www.aquasec.com/?p=14459 This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity. The strategy contains a set of three pillars that outline collaboration between public and private sectors, dealing with systemic challenges within cybersecurity and realignment of incentives for the industry. Pillar Three specifically …]]> https://www.aquasec.com/blog/uber-verdict-a-ciso-game-changer/ Thu, 15 Dec 2022 15:58:16 +0000 https://www.aquasec.com/?p=14521 In early October, the US Department of Justice announced that a verdict had been reached in the case against former Uber CISO Joe Sullivan, finding him guilty of two counts associated with covering up a data breach at the company. What made the Uber data breach case particularly noteworthy was that it was not seeking …]]> https://www.aquasec.com/blog/achieve-software-supply-chain-compliance-with-us-executive-order-14028/ Tue, 06 Dec 2022 11:00:00 +0000 https://www.aquasec.com/?p=14537 Thanks to many factors like the rise of the cloud infrastructure, the abundance of prebuilt open-source code, and process improvements in DevOps, innovating with software is happening faster than ever. The software supply chain is the assembly line for these technological innovations and can be thought of as any combination of code, tools, and processes …]]> https://www.aquasec.com/blog/cis-software-supply-chain-compliance/ Thu, 14 Jul 2022 16:43:44 +0000 https://www.aquasec.com/?p=14706 The Center for Internet Security (CIS) has recently released the Software Supply Chain Security Guide, a set of practical, community-developed best practices for securing software delivery pipelines. As an initiator and one of the main contributors to this comprehensive and much-needed guidance, we at Aqua aim to help DevOps teams and the broader cloud native …]]> https://www.aquasec.com/blog/pci-dss-compliance-in-cloud-native/ Wed, 24 Nov 2021 14:59:41 +0000 https://www.aquasec.com/?p=15056 The Payment Card Industry Data Security Standard (PCI DSS) is a well-known compliance framework for any organization handling payment card data. However, translating the PCI DSS requirements into the world of containers and Kubernetes can be overwhelming. In this post, we break down how containerized applications impact PCI DSS compliance and how to meet its …]]> https://www.aquasec.com/blog/cis-benchmark-scanner/ Wed, 30 Jun 2021 09:30:00 +0000 https://www.aquasec.com/?p=15221 One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help people keep their environments …]]> https://www.aquasec.com/blog/automate-kubernetes-compliance/ Tue, 04 May 2021 13:48:05 +0000 https://www.aquasec.com/?p=15282 Last year, we first released Starboard Operator, which automates vulnerability scanning and configuration auditing of Kubernetes workloads. We’re now pleased to announce the latest release (v0.10), which is focused on infrastructure and adds CIS Kubernetes Benchmark testing using kube-bench. The operator automatically discovers nodes and runs kube-bench on each node to get the benchmark score. …]]> https://www.aquasec.com/blog/kubernetes-security-risk-explorer/ Thu, 11 Jun 2020 10:21:46 +0000 https://www.aquasec.com/?p=15577 If you’re running workloads on Kubernetes, one of the toughest things to understand is where you have security gaps. Yes, there are CIS benchmarks and configurations to tweak, but they are generalized and won’t highlight the risks in workloads that are actually running in your clusters. The Aqua Risk Explorer’s dynamic display of workloads and …]]>