Validating your DISA STIG Compliance Just Got Easier with Compliance Operator
Twelve to sixteen hours per month. That’s how long it used to take operators to manually validate DISA STIG compliance across Kubernetes clusters.
Now, it takes seconds.
Compliance Operator, part of Rancher Government Carbide, automates DISA STIG validation for RKE2 clusters using a lightweight, integrated compliance operator. It fundamentally changes how federal teams validate cluster hardening against DISA-published STIGs. No third-party tools or extra configurations. Just faster, continuous compliance built directly into the platform.
What's New
Compliance Operator uses a Kubernetes-native operator that integrates directly into the Rancher UI. Once deployed through the Rancher application catalog, it opens a dedicated Rancher Compliance tab, where results are displayed in a structured, readable format.
Key benefits of the upgrade:
- One-file deployment. The operator installs with a single YAML file, with no need for dependencies or workarounds.
- Preloaded benchmarks. DISA STIG profiles maintained by RGS are ready to use out of the box.
- Built-in reporting. Results are visible within the Rancher interface, so you don’t have to switch tools or export data.
Admins can run scans on demand or set them to run continuously. Either way, Compliance Operator reduces compliance drift with minimal manual overhead.
Check out what an install, a run, and viewing results look like with Compliance Operator:
[Figures: the install; running the scan; viewing the results]
What This Means for Operators
Compliance Operator directly impacts how security and platform teams work day to day. With automated, integrated validation:
- Security teams can verify DISA STIG compliance as part of regular operations, not as a separate reporting task.
- Platform teams can upgrade clusters with confidence, knowing compliance checks won’t break or lag.
- Organizations can achieve faster ATO with validated evidence generated on demand.
- Manual scripting and workarounds are eliminated, reducing the risk of errors and freeing up hours each month.
Purpose-built for Government Kubernetes Environments
Compliance Operator is delivered through Rancher Government Carbide, the government-hardened foundation for every Rancher Government solution. While the compliance operator itself is open source, the DISA STIG benchmark profiles it uses are created and maintained by RGS to meet U.S. federal security requirements.
This ensures:
- Alignment with DISA STIGs for RKE2
- Full support for downstream cluster validation workflows
- Continued compliance with FedRAMP-authorized environments
A Better Future for Compliance Workloads
Earlier compliance tools were coupled to deprecated UI components and required custom integrations to maintain. Some relied on additional services or extensions that became unsustainable with Rancher’s move to newer frameworks. As a result, teams often postponed upgrades or manually rebuilt validation pipelines to maintain compliance checks.
Compliance Operator replaces that overhead with a simpler design, active support, and native platform integration. Teams can now validate more frequently, upgrade Rancher versions without hesitation, and focus on mission priorities instead of workaround maintenance.
This is about changing the compliance experience. We’ve taken a task that used to require hours of manual effort and made it effortless, reliable, and fully integrated. Compliance Operator is built for the way government teams operate: tight deadlines, hardened environments, and zero tolerance for drift.
Getting Started is Simple
Compliance Operator is available in the Rancher application catalog. Once enabled, the Rancher Compliance tab appears in the UI, with DISA STIG profiles ready to apply immediately, no extra configuration required.
From deployment to validation, the process takes minutes. There’s no need to delay upgrades or maintain compatibility with deprecated tooling.
With Compliance Operator, DISA STIG validation is a built-in capability that runs in seconds, transforming how Kubernetes compliance gets done.
About the Author
William Stutt is a Consulting Engineer at Rancher Government Solutions, specializing in the design and security of critical infrastructure. He brings a deep, security-first perspective, backed by a Master's in Cybersecurity and holds an ISC2 CISSP certification. With two decades dedicated to infrastructure engineering, and experience gained through prior military service, William's work focuses on designing defense-in-depth solutions that ensure government infrastructure is not only robust and highly resilient but fundamentally secure against modern threats.
About Rancher Government Solutions (RGS)
Rancher Government Solutions is specifically designed to address the unique security and operational needs of the U.S. Government and military as it relates to application modernization, containers, and Kubernetes.
Rancher is a complete open-source software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters at scale while providing DevOps teams with integrated tools for running containerized workloads.
RGS supports all Rancher products with U.S.-based American citizens with the highest security clearances who are currently supporting programs across the Department of Defense, Intelligence Community, and civilian agencies.
Interested in learning more about Compliance Operator? Contact our team to learn more.