EKS add-on images are not FIPS-compliant for FedRAMP

Hi everyone, I wonder what customers undergoing FedRAMP should do with EKS add-on images that are not FIPS-compliant. Namely, those are 'kube-proxy', 'coredns', 'aws-ebs-csi-driver', 'aws-network-policy-agent', 'cloudwatch-agent', etc.; there are many more. Since those images are provided by AWS, one would expect AWS to provide their FIPS-compliant versions as well. However, I couldn't find any guidance on that. Is it the customer's responsibility to recreate those images in their FIPS-compliant versions? Are there any repositories or tools available to help with the task?

1 Answer

Hello,

It seems it is the customer’s responsibility to ensure that all components of their environment meet FIPS 140-2 standards if required for FedRAMP compliance.

Anyway, here is a link from someone who tried to twist their Kube configuration into FIPS compliance. Please find it here: https://sookocheff.com/post/aws/building-a-fips-compliant-kubernetes-cluster-on-aws/

EXPERT
answered 19 days ago
EXPERT
reviewed 19 days ago
