Cloud Native Compliance

At Twistlock, compliance for cloud native applications and workloads is part of our DNA. We aim to empower global enterprises and growing technology companies to build and deploy software to meet the demands of their businesses一without being slowed by compliance concerns or worries about regulatory violations.

Certified by the Center for Internet Security

Twistlock is proud to be officially certified for four benchmarks across six profiles by the Center for Internet Security (CIS):

  • CIS Benchmark for Amazon Web Services Foundations v1.2.0, Level 1 Profile
  • CIS Benchmark for Kubernetes Benchmark v1.3.0, Level 1 Profile
  • CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 1 Profile
  • CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 2 Profile
  • CIS Benchmark for Docker Community Edition Benchmark v1.1.0, Level 1 Linux Host OS Profile
  • CIS Benchmark for Distribution Independent Linux v1.1.0, Level 1 Server Profile

Being awarded several Level 2 profiles aligns to our commitment to always provide customers with the deepest security possible and continue Twistlock’s focus on leadership of standards for cloud native compliance and security.

Leading the Way with NIST SP 800-190

As containers and other cloud native technologies were taking off at organizations around the world, Twistlock CTO John Morello seized the opportunity to work with the National Institute of Science and Technology to co-author NIST SP 800-190, Application Container Security Guide.

This special publication provides power guidance for both government organizations and enterprises to measure risk and prevent threats when using containerized applications.

Download the Twistlock Companion Guide for Executing on NIST SP 800-190

The Industry’s First Security Guidance and Compliance Checks for Istio

Service meshes are one of the newest innovations in the world of microservices and cloud native computing. They’re a critical tool for making microservices applications feasible to implement and manage. Istio, which has been growing in popularity since it was released, is a service mesh project designed to make it easier to connect, secure, and operate the connectivity between your application’s various components. When deployed and integrated with Kubernetes, Istio automatically balances inter-service traffic based on policies configured by admins, which means it’s easy to ensure that communications between services are properly routed depending on app needs.

Twistlock Labs, our industry-leading security research team, released the first official security guidance and compliance checks for Istio. The checks help organization’s scale Istio and their related microservices securely.

Download the Twistlock compliance checks for Istio

Enabling Organizations of Any Size to Achieve and Maintain Compliance

We recognize that today’s software-driven organizations need to achieve and maintain compliance for notable industry regimes — that’s why we’ve built compliance templates into the Twistlock Platform with the ability to easily customize over 300 individual checks spanning hosts, containers, images, orchestrator, and more. Twistlock Labs evaluated and scored each check, making it simple to focus on the most critical settings first. Twistlock also includes an open custom compliance check feature that allows you to author your own checks with simple Bash or PowerShell code. Every organization’s needs and stack are different, which is why we want to mold to your specific requirements while still allowing you to demonstrate compliance.