EKS add-on images are not FIPS-compliant for FedRamp

0

Hi everyone, I wonder what should customers undergoing FedRamp do with EKS add-on images, which are not FIPS compliant? Namely, those are 'kube-proxy', 'coredns', 'aws-ebs-csi-driver', 'aws-network-policy-agent', 'cloudwatch-agent', etc - there are many more. Since those images are provided by AWS, one would expect AWS to provide their FIPS-compliant versions as well. However, I couldn't find any guidance on that. Is it customer's responsibility to recreate those images in their FIPS-compliant versions? Are there any repositories or tools available to help with the task?

1 Risposta
1

Hello,

it seems it is the customer’s responsibility to ensure that all components of their environment meet FIPS 140-2 standards if required for FedRAMP compliance.

Anyway, there is a link of someone who tried to twist its Kube Configuration into FIPS compliance. Find it here please. https://sookocheff.com/post/aws/building-a-fips-compliant-kubernetes-cluster-on-aws/

profile picture
ESPERTO
con risposta 2 mesi fa
profile picture
ESPERTO
verificato 2 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande