Container compliance for Docker + Kubernetes.

Regulatory compliance with Sysdig Secure.

Sysdig Secure compliance icon

Container compliance made easy.

Automatically enforce compliance requirements for CIS, PCI-DSS, GDPR, as well as implement custom compliance controls for Docker and Kubernetes environments.


Compliance assurance across the container lifecycle.

Container compliance for Docker + Kubernetes

Read our PCI guide for container compliance.

Download now

enforce icon

Enforce Kubernetes + Docker lifecycle compliance.

Maintain a strict security compliance posture across nodes, containers and Kubernetes from build through production and forensics.

Automate icon

Automate regulatory compliance standards.

Enforce regulatory container compliance controls for CIS benchmarks, PCI SCC, HIPAA, etc across the cloud-native application lifecycle via an automated workflow.

dashboard icon

Visualize container compliance via dashboards + analytics.

Leverage flexible compliance dashboards and historical data to analyze security trends and report on regulatory compliance, both to internal and external auditors.

Enforce Kubernetes compliance across the entire lifecycle.

Docker container compliance scanning
pre-deployment

Pre-deployment container compliance scanning.

The adoption of a shift-left security model results in a much smaller impact to an enterprise’s compliance posture in the event of a security incident. Sysdig bakes container and Kubernetes compliance checks early in the lifecycle, allowing DevOps to leverage compliance scanning policies and container image scanning in your CI/CD pipeline (Jenkins, Bamboo, etc) or any Docker v2 registry prior to production. These policies can check anything from container image metadata, contents, licenses, vulnerabilities, and Dockerfile instructions.

Assess compliance on Docker + Kubernetes configuration.

Enterprises need to ensure configurations across their infrastructure are compliant – from hosts and nodes to the service configuration file inside all running containers. Sysdig leverages certified container and Kubernetes compliance benchmarks like docker-bench or kube-bench to validate configuration at every logical layer of your infrastructure:

  • Hosts system configuration
  • Kubernetes cluster configuration
  • Docker engine configuration
  • Containerized microservices deployment configuration

Assess compliance on Kubernetes
Docker compliance guided remediation

Guided remediation for Docker + Kubernetes compliance.

In the event of a CIS Kubernetes and Docker benchmark configuration drift, users can leverage guided remediation tips in Sysdig to apply best practices for maintaining container compliance, saving security professionals and DevSecOps time when issues arise.

Runtime compliance checks for Docker + Kubernetes.

Runtime operational drift means that your running containers can be manipulated, hijacked or just behave in ways you didn’t expect due to software bugs, including:

  • Modification of system binaries after startup
  • Unauthorized file access to database containers
  • Users spawning shells inside privileged containers

Sysdig will detect any anomalous runtime behavior responding with just a security event or blocking the threat.

Kubernetes compliance checks
Kubernetes API audit compliance

Kubernetes API activity audit.

Kubernetes API events are an invaluable resource for auditing activity in your Kubernetes cluster. Sysdig provides you with Kubernetes-specific rules that lets you:

  • Audit secret management, access and creation
  • Alert on requests by unauthorized users
  • Identify creation of pods with configuration that violate your policy
  • Alert on the suspicious creation or user binding of privileged roles
  • Identify creation of resources in restricted namespaces like kube-system

Automate regulatory compliance standards.

Regulatory container compliance standards are comprehensive and require heavy manual effort by compliance teams to map these mandates to their organization’s requirements. Sysdig alleviates this process by translating leading security standards into a set of up-to-date, curated bundles for container and Kubernetes compliance that can be run on demand.

CIS Benchmarks for Docker & Kubernetes

Out of the box checks for CIS Docker & Kubernetes Benchmarks that allow you to enforce and manage compliance across your Kubernetes and container lifecycle.

Container NIST SP 800-190 / NIST 800-53

NIST SP 800-190 policies are designed to inform security professionals with a clear understanding of NIST framework of recommended actions to secure their cloud-native environment.

Container PCI DSS

Sysdig partners with PCI Security Standards Council to help implementing PCI. Learn more about PCI compliance in A guide to Kubernetes & containers PCI complaince.

Container compliance dashboards + analytics.

Docker and Kubernetes compliance reports
container compliance

Automated container and Kubernetes compliance reports.

DevSecOps agility means that container compliance needs to be as automated and agile as possible, to avoid interfering with software delivery. Security teams need to be able to provide an up-to-date compliance status evaluation to internal or external auditors on-demand.

Tailored Kubernetes compliance policies for different environments.

A compliance policy is much more than a collection of rules. Using Sysdig, security teams can define a set of compliance policies to be applied to any subset of the infrastructure, scoped to a specific environment, application or namespace. This granular policy also mitigates alert fatigue. 

  • Production vs staging vs development environments
  • Internal-only vs external facing applications
  • Infrastructure Kubernetes namespaces and pods vs application namespaces
  • Stateless deployments vs deployments holding sensitive customer data

.

Compliance Kubernetes scoped
Compliance dashboards

Compliance dashboards, metrics + security trends.

Beyond generating robust reports, the Sysdig platform can also translate various security benchmarks into a set of security metrics (90+).

  • Analyze security trends: compare your security posture to any previous point in time
  • Visualize: understand the risk and compliance posture of:
    • Entire organization or just certain applications
    • Across on-prem or multi-cloud environments
    • Deployments sorted by compliance security severity level
  • Alert: Notify when a compliance metric falls below your accepted policy

By extending container compliance into Sysdig’s monitoring dashboards, DevSecOps and security teams can quickly visualize patterns and trends and gain valuable insights into their compliance posture.

Branden Makana

Let’s say the CFO is having some questions about our infrastructure. We can bring up Sysdig and show our dashboards.

JUAN MORALES, DEVOPS ENGINEER, QUBY

Are You Ready to Begin?

We're excited to talk with you.


Sysdig Monitor

Whitepapers

A guide to PCI Compliance in containers.

In this document we'll review PCI compliance initiatives, how containers change your PCI compliance lifecycle, and how Sysdig allows you…

Sysdig Monitor

Papers

Kubernetes security guide.

Adopting a cloud-native architecture and a DevOps approach to development demands changes to your IT architecture. This guide provides best…