In this month's episode, John Jainschigg, Director of Open Source Initiatives at Mirantis, hosts Kathleen Moyer, Director of Service Delivery at Corsec Security, and William Konitzer, Senior Solution Architect at Mirantis, to explore the recently achieved DISA STIG certification for Mirantis Kubernetes Engine (MKE). Together, they dive into the intricate certification process that enables public sector and enterprise users to deploy secure, compliant applications using MKE.
Listeners will gain insights into the collaborative effort between Mirantis and Corsec Security, where Kathleen shares her 25 years of expertise in security certifications, detailing how Corsec facilitated the process with government agencies like DISA and the DoD. William provides a behind-the-scenes look at the technical challenges and solutions that ensured MKE met stringent Department of Defense (DoD) security standards without compromising usability or performance. He also highlights some of the team's learnings, including how the process changed the way Mirantis' engineering teams think about security.
Achieved in early 2024, this milestone positions MKE as a powerful tool for public sector organizations and industries with specific security and compliance needs. Whether you’re navigating public sector compliance requirements or interested in secure cloud native solutions, this episode offers practical advice and unique perspectives on implementing and managing a STIG-compliant Kubernetes platform.
The full list of this episode's topics includes:
- Corsec Security's role in the MKE DISA STIG process
- Common challenges organizations face in the STIG process
- How Corsec handles security testing to ensure compliance
- STIG vs. FedRAMP in terms of requirements
- How Corsec handles product updates re: the STIG
- Advice for companies getting started with STIG certification
- Role of documentation in the STIG process
- Challenges in the MKE STIG process
- Why Mirantis did a STIG for MKE
- Specific security features of MKE that affected DISA STIG approval
- Mirantis and Corsec collaboration
- MKE for the Public Sector
- Timelines for achieving STIG certification
- Mitigating evolving vulnerabilities
- How the STIG process for MKE impacted Mirantis engineering
If you want to listen to more episodes of Radio Cloud Native, please visit https://www.mirantis.com/radiocloudnative/ to download, or find them wherever you prefer to consume your podcasts.
If you are interested in contributing to Radio Cloud Native, please reach out to our podcast team: podcasts@mirantis.com