Compliance Policy & Configuration Management
Achieving Compliance With Twistlock
With Twistlock, you can enforce standard configurations, container best practices, the use of trusted registries and recommended deployment templates. You will gain assurance that your container environments, wherever they reside, remain compliant with industry or company policies.
CIS Docker benchmark
This benchmark provides consensus-oriented security best practices for deploying Docker. Twistlock developed 80+ built-in checks to validate recommended practices from the CIS benchmark, including configuration assessment, hardening checks, and hardware validations.
Twistlock Container Security Suite includes an extensive list of configuration checks covering host, Docker daemon, Docker files and directories, containers, and even the underlying hardware. We also enforce standard configurations during deployment.
Trusted registry and trusted images
Organizations can use Twistlock to enforce “Trusted Registries” and “Trusted Images”. A trusted registry houses images scanned and approved by Twistlock or other trusted entities (e.g., Docker Trust Registry). Twistlock can enforce that only images pulled from a trusted registry are deployed onto production servers.
Hardware integrity checks
For environments that use Intel® Xeon® processors, Twistlock has native integrations with Intel’s Cloud Integrity Technology (CIT) to perform integrity and attestation checks for host hardware, firmware, Docker daemon or hypervisor prior to deploying containers, thereby establishing a chain of trust from the hardware to the workload to ensure the integrity of your cloud environment.
Compliance In The Container Ecosystem
Our compliance checks cover host, container, Docker daemon, Docker files & directories, image, hardware and security operation policies. Some of the examples are shown here.
“The ability to build a trusted registry with Twistlock’s Container Security Suite allowed our Ops team a simple yet elegant way to control the deployment process, while preserving DevOps efficiency and flexibility for our development teams.”
“Our company deals with regulated data and it’s vital that we can show our auditors how we comply with data protection regulations. Twistlock made it easy for us to create a set of policies that mirrors our audit requirements and ensures that our developers adhere to them as they build their images.”
“We experienced a huge amount of image drift prior to deploying Twistlock. With Twistlock, we are able to rein in configuration drift in both images and also production hosts by ensuring that only gold images are deployed and all hosts are configured in the same secure way.”