Operations | Monitoring | ITSM | DevOps | Cloud

Compliance

CIS benchmark compliance: Introducing the Ubuntu Security Guide

The CIS benchmark has hundreds of configuration recommendations, so hardening and auditing a Linux system manually can be very tedious. Every administrator of systems that need to comply with that benchmark would wish that this process is easily usable and automatable. Why is that? Manual configuration of such a large number of rules leads to mistakes – mistakes that cause not only functional problems, but may also cause security breaches.

Ubuntu introduces the Ubuntu Security Guide to ease DISA-STIG compliance

January 17th: London, UK – Canonical, the company behind Ubuntu, the world’s most popular operating system across private and public clouds, now offers the Ubuntu Security Guide tooling for compliance with the DISA Security Technical Implementation Guide (STIG) in Ubuntu 20.04 LTS. The new automated tooling builds on Canonical’s track record of designing Ubuntu for high security and regulated workloads, powering U.S. government agencies, prime contractors, and service providers.

How to achieve CIS Compliance with Puppet

Security compliance is the new black. Everyone is talking about it. Everyone is writing about it. Hopefully everyone is doing something about it, but it's a big lift for organizations. Compliance can mean adhering to departmental and company standards; it can mean well-defined regulatory standards like HIPAA, GDPR, and others. Compliance can mean adopting a standardized set of recommended protocols for cyber security. If compliance isn't on your radar right now, it should be.

Kroger Uses JFrog Xray for Software Security and License Compliance

Kroger leverages the JFrog platform to give developers visibility into their software vulnerabilities and make informed decisions on what to fix. See how Kroger has implemented secure DevOps processes with automated vulnerability scanning and open-source software (OSS) license compliance capabilities to support their development and security teams.

IT Ops' role in strengthening security and achieving compliance

It wouldn’t be Cybersecurity Awareness month without some spooky-themed blogs with language focused on Fear, Uncertainty, and Doubt (FUD). Luckily, it’s the end of November now, and this isn’t that kind of blog, but what was true in October is still true today. I won’t tell you that you need to be afraid of bad actors infiltrating your security defenses and wreaking havoc in your infrastructure. Why? Because you are likely stressed enough already. Don’t you think?

How Automation Takes the Time and Guesswork Out of Security Compliance

As this fiscal year wraps up, many agencies are planning their response to compliance reporting requirements. Meeting these requirements—particularly in advance of an audit—can be incredibly time-consuming. While the Defense Department has made managing risk easier through Security Technical Implementation Guides (STIGs), it’s still dependent upon IT staff to help ensure their systems are continuously secure and compliant.

Obfuscate user data with Session Replay default privacy settings

Session Replay enables you to replay in a video-like format how users interact with your website to help you understand behavioral patterns and save time troubleshooting. Visibility into user sessions, however, can risk exposing sensitive data and raise privacy concerns. For example, a user session may include typing in a credit card or social security number into an input field.

Deploy Friday: E79 The Long and Winding Road towards security compliance

Platform.sh has worked hard to be the most secure, compliant, and dependable business partner possible for our customers. To that end, we're able to provide data processing agreements (DPAs) for European GDPR, German BDSG, Canadian PIPEDA, and the Australian Privacy Act. We have been successfully audited for SOC 3 Type 2 and PCI DSS Level 1 compliance, and we've got more important acronyms in the works.