August 23, 2023
Our journey at Rancher Government Solutions (RGS) has always been driven by a commitment to uncompromising security, reliability, and scalability. As we’ve developed and fine-tuned our products, this dedication has guided us, inspiring us to push boundaries and redefine what’s possible in Kubernetes security.
A Milestone in Kubernetes Security
Today, we’re thrilled to share an achievement that affirms this commitment – an achievement that sets a new industry standard and propels us into the next stage of our journey.
Recently, The Defense Information Systems Agency (DISA) publicly posted our updated STIGs for RKE2 (v1.25.x) and Rancher Multi-Cluster Manager (MCM) (v2.7.x). This milestone signifies a pivotal validation of RGS’ security posture, reinforcing our dedication to providing the highest level of security for our customers.
This update showcases the robust security of these solutions, which the Department of Defense (DoD) and the U.S. Government can now confidently deploy on their network systems. As the only company with approved Kubernetes management platform and distribution STIGs officially recognized and published by DISA, it demonstrates our adherence to DISA’s rigorous review process and compliance with DoD’s high-security standards.
Leveraging the power of these validations, we’ll be integrating the STIG profiles into our proprietary tool, STIGATRON. Constructed within our add-on support service, Rancher Government Carbide, STIGATRON is a compliance tool built to automate the validation of downstream clusters, ensuring they meet the rigorous securing standards set by the STIG cluster.
Unwavering Commitment to Security
Security in the digital world isn’t merely an added advantage; it’s a necessity. And for our team at RGS, it’s more than that – it’s an obsession. Our mission, our focus, our relentless pursuit, centers on providing our U.S. Government customers—specifically the Department of Defense (DoD) – with the most secure, robust, and reliable Kubernetes solutions on the market.
The addition of STIG profiles for RKE2 and Rancher MCM is a testament to this pursuit. With STIGATRON’s automatic validation of downstream clusters’ security and comparison to the STIG cluster, U.S. Government customers can rest assured they’re meeting the strictest security standards, thus minimizing the risk of digital threats.
What else does this mean for our customers? It means peace of mind, knowing that their crucial data and systems are safeguarded by the highest security standards. It also means efficiency. With the automation of security validation, the U.S. Government and DoD can focus on what they do best, leaving the intricate task of security checks to us.
The Road Ahead
While this significant validation is a mark of our dedication to meet and exceed the security needs of the U.S. Government, DoD, and IC, our journey does not stop here. Looking forward, we will continue championing digital transformation and application modernization, ensuring secure Kubernetes deployments across all environments.
Among our exciting next steps, we are actively pursuing STIG validation for our hyper-converged infrastructure solution, Harvester. Designed with modern, open, interoperable principles, Harvester provides a robust foundation for simplifying operational stacks. When used in tandem with Rancher MCM, Harvester allows for efficient management of both virtual and container workloads side by side. This unique feature empowers enterprises to navigate the complexities of their infrastructure and scale confidently using innovative cloud-native solutions.
We believe in the power of open-source, and that’s why Harvester stands on the shoulder of proven and mature open-source software components deviated from proprietary kernels.
As we continue to move forward, we remain committed to prioritizing security and reliability in all our offerings. We are excited to bring you along as we continue revolutionizing Kubernetes deployments and security, ensuring we are prepared for whatever the future brings.
Learn more about our U.S. government-ready open-source platform products here.