While most people are familiar with the fact that Federal computing standards require us to run our information systems on hardened and secured computers, did you know that the latest policies also require you to apply the same security prinicples to your development environment—including workstations and build systems?
I mean, your ISSO may have mentioned the DevSecOps Reference Design here and there, but maybe you haven't sat down and read it yet. And who's to blame you? We all have systems we're working hard to build, after all!
Thankfully, Nému has you covered!
Now that DISA has released guidance on Ubuntu and macOS, everyone is back on the same page. As of today, we've released our Ubuntu 18.04 LTS and Apple macOS 10.14 (Mojave) STIG profiles - both available for download in our Store, and Ubuntu also available in the AWS Marketplace.
So next time you run into the ISSO in the hallway, instead of breaking out in a nervous sweat, you can easily tell her your development process is fully aligned with the latest guidance.
(Ubuntu 16.04 and macOS 10.13 support coming soon; We'll hurry faster if any of you urgently need it. Just let us know!)
Late breaking update: On the 27th of August, DISA has released the macOS 10.15 Catalina STIG version v1r1 to the public. We have implemented this profile, and it is available today (also the 27th).
Yes, we're that fast.
Disclaimer: We have been told that it's technically possible to boot macOS virtual machines on AWS baremetal instances, but can't recommend you do that due to our healthy respect for Apple's legal team. Be sure to ask an approved Mac hosting facility what their CC SRG posture is. STIG: Security Technical Implemenation Guidelines. DOD: Department of Defense. And impressive fireworks! ISSO: Information Systems Security Officer. Who you definitely want to be happy. AMIs: Amazon Machine Images. And Nému means Cloud!
Nému Corporation builds innovative products and solutions that take all the work out of securing your enterprise systems. Whether you are using our Hardened Amazon AMIs to secure your Amazon cloud workloads, or you want to harden your on-premises systems with our Nému Hardened Computing platform, your engineers can spend less time thinking about your security posture, and more time thinking about your mission.
Find out more at nemu.us.