EKS add-on images are not FIPS-compliant for FedRAMP


Hi everyone, I wonder what customers undergoing FedRAMP should do with EKS add-on images, which are not FIPS-compliant? Namely, those are 'kube-proxy', 'coredns', 'aws-ebs-csi-driver', 'aws-network-policy-agent', 'cloudwatch-agent', etc.; there are many more. Since those images are provided by AWS, one would expect AWS to provide their FIPS-compliant versions as well. However, I couldn't find any guidance on that. Is it the customer's responsibility to recreate those images in their FIPS-compliant versions? Are there any repositories or tools available to help with the task?

1 Answer


It seems it is the customer’s responsibility to ensure that all components of their environment meet FIPS 140-2 standards if required for FedRAMP compliance.

Anyway, here is a link from someone who tried to twist their Kube configuration into FIPS compliance. Find it here, please: https://sookocheff.com/post/aws/building-a-fips-compliant-kubernetes-cluster-on-aws/

answered 2 months ago
reviewed 2 months ago
