EKS add-on images are not FIPS-compliant for FedRamp

0

Hi everyone, I wonder what should customers undergoing FedRamp do with EKS add-on images, which are not FIPS compliant? Namely, those are 'kube-proxy', 'coredns', 'aws-ebs-csi-driver', 'aws-network-policy-agent', 'cloudwatch-agent', etc - there are many more. Since those images are provided by AWS, one would expect AWS to provide their FIPS-compliant versions as well. However, I couldn't find any guidance on that. Is it customer's responsibility to recreate those images in their FIPS-compliant versions? Are there any repositories or tools available to help with the task?

1 Resposta
1

Hello,

it seems it is the customer’s responsibility to ensure that all components of their environment meet FIPS 140-2 standards if required for FedRAMP compliance.

Anyway, there is a link of someone who tried to twist its Kube Configuration into FIPS compliance. Find it here please. https://sookocheff.com/post/aws/building-a-fips-compliant-kubernetes-cluster-on-aws/

profile picture
ESPECIALISTA
respondido há 2 meses
profile picture
ESPECIALISTA
avaliado há 2 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas