PORTLAND, Ore., April 30, 2019 /PRNewswire/ — Twistlock, the leader in cloud native cybersecurity, announced today that its platform has been certified by CIS Benchmark™ to check its customers’ cloud native applications and infrastructure against the consensus-based best practice standards contained in Kubernetes, Docker, Linux and AWS benchmarks. Organizations that leverage Twistlock can ensure that the configurations of their critical assets align with the CIS Benchmarks consensus-based practice standards.
Twistlock has been awarded CIS Security Software Certification for the following CIS Benchmarks:
-CIS Benchmark for Amazon Web Services Foundations v1.2.0, Level 1 Profile
-CIS Benchmark for Kubernetes Benchmark v1.3.0, Level 1 Profile
-CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 1 Profile
-CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 2 Profile
-CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 1 Linux Host OS Profile
-CIS Benchmark for Distribution Independent Linux v1.1.0, Level 1 Server Profile
“We are very pleased to be certified by CIS Benchmarks across multiple profiles,” said John Morello, Chief Technology Officer, Twistlock. “With this verification from CIS, our customers can fully benefit from comprehensive coverage across four key benchmarks. We’re especially proud that our coverage on the Docker benchmark is comprehensive. Twistlock supports all three profiles, including the level 2 profile. According to CIS, Level 2 profiles are ‘intended for environments or use cases where security is paramount’ — they go above and beyond level 1 profiles, which contain recommendations that are ‘practical and prudent.'”
The CIS certifications continue Twistlock’s focus on leadership of standards for cloud native compliance and security. Twistlock shipped the industry-first benchmark for securely deploying popular service mesh technology, Istio, and currently offers detailed compliance implementation guides for standards such as HIPAA, PCI-DSS, and NIST SP 800-53. The official guidance on container security from NIST, SP 800-190, was authored by Twistlock CTO John Morello. The Twistlock Labs security research team is responsible for developing many additional compliance checks in our product that are critical to the secure operation of apps running on cloud native infrastructure.
This certification is issued by CIS® (Center for Internet Security, Inc.). “Cybersecurity challenges are mounting daily, which makes the need for standard configurations imperative. By certifying its product with CIS, Twistlock has demonstrated its commitment to actively solve the foundational problem of ensuring standard configurations are used throughout a given enterprise,” said Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group.
In order for a product to receive the CIS Benchmarks Certification, a vendor must adapt its product to accurately report to the security recommendations in the associated CIS Benchmarks profile. CIS Certified Security Software Products demonstrate a strong commitment by the vendors to provide their customers with the ability to ensure their assets are secured according to consensus-based best practice standards.
The CIS Benchmarks program is a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. CIS Benchmarks are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for Federal Information Security Management Act, PCI, Health Insurance Portability Accountability Act and other security requirements.
Learn more about how Twistlock supports compliance in-product here.
- Press Releases
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How to Lock Down the Kernel to Secure the Container HostRead the Blog
One Chapter Ends, Another BeginsRead the Blog
The Greatest Security Risks Lurking in Your CI/CD PipelineRead the Blog
Cloud Platform Radar: Powerful Cloud Asset IdentificationRead the Blog
Securing Serverless Functions: Visibility with Serverless RadarRead the Blog