Security shouldn't be a black box. π¦
We chatted with @AaronLippold from @MITREcorp about why SAF is open source: "It was built to solve a problem for everybody, not just us."
Read why collabs beat monetization in our latest blog: https://anchore.com/blog/stig-in-action-4-lessons-on-automating-compliance-with-mitre-saf/
νΉμ μ¬λ¬λΆμ .NETμ΄ λ―Έ κ΅λ°©λΆ(DoD)μ κ°μ₯ κΉλ€λ‘μ΄ λ³΄μ κ°μ΄λλΌμΈμΈ STIGλ₯Ό 100% μΆ©μ‘±νλ κΈ°μ μ΄λΌλ μ¬μ€μ μκ³ κ³μ ¨λμ?
κ·Έλμ 'κ΅°μ© μμ€μ νλλ'μ μμμ μ λ¬Έκ°λ§μ΄ λ§λν 리μμ€λ₯Ό ν¬μ ν΄ κ΅¬μΆν μ μλ λμ μ±λ²½κ³Όλ κ°μμ΅λλ€. νμ§λ§ μ΄μ Dockerμ .NETμ νμ μΌλ‘ νμν Docker Hardened Images(DHI)κ° κ·Έ μ₯λ²½μ νλ¬Όμμ΅λλ€.
π‘οΈ μ .NET κ°λ°μμ κΈ°μ μ΄ DHIμ μ£Όλͺ©ν΄μΌ ν κΉμ?
κ²μ¦λ κΈ°μ μ μ μ : .NETμ μ΄λ―Έ μ μΈκ³ κΈμ΅κ³Ό 곡곡, κ΅λ°© λΆμΌμμ μ λ’°λ°λ νλ«νΌμ λλ€. DHIλ μ΄ μ λ’°λ₯Ό 'μΈμ¦'μ ννλ‘ κ°κ΄ννμ΅λλ€.
보μμ λ―Όμ£Όν: STIG 100% μ€μ, FIPS μνΈν μΈμ¦κ³Ό κ°μ μ΅κ³ λ±κΈμ 보μ μ€μ μ μ΄μ λ³λμ 볡μ‘ν κ³Όμ μμ΄ λ² μ΄μ€ μ΄λ―Έμ§ κ΅μ²΄λ§μΌλ‘ μ¦μ μ μ©ν μ μμ΅λλ€.
νν μλ μκ²°μ±: λ¨μν μ·¨μ½μ μ μ€μ΄λ μμ€μ λμ΄, μ€κ³ λ¨κ³λΆν° 보μμ΄ λ΄μ¬λ(Secure-by-Design) μ΅μμ μΈνλΌλ₯Ό νμ€νλ λ°©μμΌλ‘ 곡κΈλ°κ² λ©λλ€.
μ΄μ .NET κ°λ°νμ "μ°λ¦¬ μλΉμ€κ° μΌλ§λ μμ νκ°?"λΌλ μ§λ¬Έμ λν΄, "λ―Έ κ΅λ°©λΆ νμ€μ 100% μ€μνλ νλλ κΈ°μ μ μ¬μ©νκ³ μλ€"λ κ°μ₯ κ°λ ₯ν λ΅λ³μ λ΄λμ μ μμ΅λλ€.
κΈλ‘λ² μμ€μ 보μ κ²½μλ ₯μ ν보νκ³ μΆμ .NET 리λμ κ°λ°μλΆλ€μ μν΄ μμΈν κ°μ΄λμ μΈμ¬μ΄νΈλ₯Ό 곡μ ν©λλ€.
π μμΈ λ΄μ© 보기: https://forum.dotnetdev.kr/t/docker-hardened-image-dhi-net/14171
#dotNET #λ·λ· #보μ #CyberSecurity #DHI #STIG #FIPS #μν°νλΌμ΄μ¦ #λμ§νΈνΈλμ€ν¬λ©μ΄μ #DevSecOps
Is there any good #opensource
Security Technical Implementation Guide #STIG viewer for #Linux? #security
Tired of manual STIG compliance? π© Our on-demand webinar shows how to automate security validation for VMs and containers, saving you from paper checklists and endless audits.
Watch it here π https://go.anchore.com/webinar-stig-in-action-with-mitre/ #DevSecOps #STIG #Cybersecurity
Tired of manual STIG compliance? π© Our on-demand webinar shows how to automate security validation for VMs and containers, saving you from paper checklists and endless audits.
Watch it here π https://go.anchore.com/webinar-stig-in-action-with-mitre/ #DevSecOps #STIG #Cybersecurity
Today we're excited to announce new investments in the πΊπΈ U.S. Public Sector to enhance protection of #OT, #IoT, #IoMT and Facility-related control systems/Building Management Systems...
Introducing our enhanced #ExposureManagement and #Federal Information Security Modernization Act support with Security Technical Implementation Guide (#STIG)-hardened configuration management controls. These π capabilities within Claroty Continuous Threat Detection (CTD) will enable greater efficiency and operational improvements across U.S. Federal Departments and Agencies, State, Local and Education, and the #defense industrial base, when protecting increasingly vulnerable CPS assets.
π° Read more: https://claroty.com/press-releases/claroty-bolsters-on-premise-capabilities-for-securing-the-us-public-sector
#PublicSector #PubSec #ClarotyFederal #BMS #FRCS #FISMA #SLED #DoD
This episode of #OpenSourceSecurity I chat with Aaron Lippold from MITRE about #STIG automation (it's one big open source project)
STIG has historically been incredibly difficult and a bit of a niche space. Thanks to #FedRAMP it's getting more attention than ever before, and the work Aaron has been doing makes it a lot easier
https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/
π’ T-30 MINUTES π’ Join our live webinar "STIG in Action with MITRE" where we'll dive deep with real-time demos on #STIG in real-world scenarios. Learn how Anchore and MITRE can help automate #compliance for #security and operations teams.
π’ TOMORROW π’ Join our live webinar "STIG in Action with MITRE" where we'll dive deep with real-time demos on #STIG in real-world scenarios. Learn how Anchore and MITRE can help automate #compliance for #security and operations teams. Register now: https://get.anchore.com/webinar-stig-in-action-with-mitre/
β‘ Tech teams: Struggling with #STIG compliance? Join our webinar with MITRE and learn about the latest NIST and FedRAMP protocol and how to automate #STIG requirements and compliance in a live demo. Save your seat: https://get.anchore.com/webinar-stig-in-action-with-mitre/
π How are leading organizations implementing #STIG requirements at scale? Join our technical #webinar and live demo with Anchore and MITRE experts to see compliance automation in action. Reserve your spot: https://get.anchore.com/webinar-stig-in-action-with-mitre/ #SecurityCompliance #STIG
π’ WEBINAR ALERT: Join us for "STIG in Action with MITRE" where we'll dive deep with real-time demos on #STIG in real-world scenarios. Learn how Anchore and MITRE can help automate compliance for security and operations teams. Register now: https://get.anchore.com/webinar-stig-in-action-with-mitre/
TuxCare releases Security Technical Implementation Guide for @almalinux OS 9
https://www.linux-magazine.com/Online/News/TuxCare-Has-a-Big-AlmaLinux-9-Announcement-in-Store
#TuxCare #AlmaLinux #security #STIG #enterprise
FYI, it looks like DISA released a new version of STIG viewer, if you use it grab it while you can.
And we are live at #WEST2025 in San Diego. See us at booth #4227 where our team looks forward to discussing your #DevSecOps, #SBOMs, #STIG and #vulnerability scanning needs and show you the latest features of Anchore. Book time with us https://get.anchore.com/2025-01-afcea-west-2025/
T-1 for WEST 2025. If you are heading to San Diego - make sure to stop by our booth #4227 and learn more about our #SBOM powered #SCA solution. If you are running #containers - let's get you a live demo on how we secure them. Meet our experts on #DevSecOps, SBOMs, #STIG and compliance. Book time with us https://get.anchore.com/2025-01-afcea-west-2025/
Joining WEST 2025 in person? You will find us at booth #4227 where our team looks forward to discussing your #DevSecOps, #SBOMs, #STIG and v#ulnerability scanning needs and show you the latest features of Anchore. Book time with us today! https://get.anchore.com/2025-01-afcea-west-2025/
Ready to build security into your software from the ground up? See how @MITREcorp SAF helps you automate #STIG guidance and achieve #compliance efficiently. Full story here: https://anchore.com/blog/automate-stig-compliance-with-mitre-saf/ #DevSecOps
