Blog

Pioneering Secure by Default Open Source Kubernetes Solutions for Government

Written by RGS | November 14, 2023

The Changing Security Requirements Landscape

In the wake of watershed cybersecurity events like the SolarWinds breach and the Log4J vulnerability, federal agencies face urgent demands to secure their software supply chains. Along with emerging Congressional action and forthcoming CISA regulations, the Biden-Harris Administration’s Executive Order on Improving the Nation’s Cybersecurity (14028)1 is a direct response to these crises, imposing rigorous new standards for software security. The reality is clear: securing software supply chains is no longer optional; it’s a national imperative.

Securing Open-Source Solutions

Imagine a world where federal software supply chain mandates are already met. That is what Rancher Government Carbide delivers – a mission-ready, secure-by-design solution for U.S. government and military needs. Available with all support subscriptions, Rancher Government Solutions (RGS) built a secure by-default distribution model to protect against vulnerabilities and backed by unparalleled Kubernetes expertise without the pitfalls that come from relying on third-party integrators.

Open-source communities have long proven to be innovation grounds for some of the most valuable IT solutions within Industry today. The value of open source is the contribution opportunity for developers to come together, build on an idea, and collectively and continually make it better. While open-source software inherently provides transparency into itself and its dependencies, RGS knows the importance of unique Government requirements with heightened security capability beyond just visibility into the code base. RGS is continually providing additional functionality within the Rancher Kubernetes Platform stack that doesn’t just meet current federal requirements; but anticipates and 
prepares for what’s next. Rancher Multi-Cluster Manager can manage anyone’s Kubernetes offering and embed the security functionality of Rancher Government Carbide into it. From verifying the origin of every open-source component to conducting exhaustive vulnerability assessments and Software Bill of Materials (SBOMs), RGS already surpasses existing and emerging federal requirements. With Rancher Government Carbide, federal agencies now have a comprehensive, ready-to-deploy solution for software supply chain security in support of the Rancher Kubernetes Platform.

https://www.peters.senate.gov/newsroom/press-releases/committee-passes-peters-bipartisan-legislation-to-help-secure-open-source-software 

How RGS Meets and Exceeds EO 14028 Requirements

Armed with RGS’s mission-ready solutions and our 100% U.S.-based team, federal agencies can confidently navigate the complexities of cybersecurity compliance, meeting and exceeding today’s requirements and tomorrow’s emerging standards.

Executive Order 14028 (Section 4):

(vi) maintaining accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis;

(x) ensuring and attesting to the extent practicable, to the integrity and provenance of open-source software used within any position of a product.

Through the deployment of Rancher, the additional embedded functionality of Rancher Government Carbide secures the software supply chain by verifying provenance back to a specific entity. The Carbide Secured Registry (CSR) elevates this further, offering SBOMs, vulnerability scans, and digital attestations via a secure signing key, streamlining validation processes. Rancher Government Carbide’s secured registry and supply chain artifacts are compliant with Level 3 of the Supply-chain Levels for Software Artifacts (SLSA) standard, the highest level currently attainable.

vii) providing a purchaser, a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website;

With the use of Rancher Government Carbide within the Rancher Manager Offering, you’re not just compliant; you’re secure out of the box. By generating vulnerability assessments and SBOMs 
for both Rancher and its dependencies, Carbide ensures every tool deployed in sensitive environments meets strict security and compliance standards.

“Cybersecurity has to be baked in as we build systems. We need to think in terms of the cost of not doing.”

DAF - CIO Venice Goodwine

Rancher Government Carbide simplifies compliance by automatically scanning downstream clusters with its specialized Security Technical Implementation Guides (STIG) operator, STIGATRON. It continuously monitors and provides live compliance reporting, monitoring, and alerting to ensure accurate, automated controls in common cyber-compliant formats.

(ix) attesting to conformity with secure software development practices; and

About Rancher Government Solutions (RGS)

Rancher Government Solutions is specifically designed to address the unique security and operational needs of the U.S. Government and military as it relates to application modernization, 
containers, and Kubernetes.

Rancher is a complete open-source software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters at scale while providing DevOps teams with integrated tools for running containerized workloads.

RGS supports all Rancher products with U.S.-based American citizens with the highest security clearances who are currently supporting programs across the Department of Defense, Intelligence Community, and civilian agencies. 

Interested in learning more about our secure by default Kubernetes solutions?