
New Guide to Zero Trust, FIPS and FedRAMP for Kubernetes and Cloud Native Applications from Tetrate


Since we published our first guide to Zero Trust and FIPS, there have been significant changes in the regulatory landscape for cloud-native security in FedRAMP environments, so we’ve published a new version to cover these latest developments. In December 2022, the FedRAMP Authorization Act was signed as part of the FY23 National Defense Authorization Act (NDAA). The Act codifies the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information. And, most importantly, FedRAMP Revision 5, finalized in 2020, is now in force. FedRAMP Rev. 5 is a significant update to the security requirements for federal cloud services, based on NIST SP 800-53 Rev. 5, and takes effect on May 30, 2023 for new FedRAMP authorizations. Revision 5 is also targeted more broadly as guidance for all organizations, in addition to its mandate for U.S. federal cloud information systems.

## What’s New in FedRAMP Rev. 5?

Broadly, here’s what’s new in Rev. 5:

  • Expansion to 20 control families (from 18 in Rev. 4), with some controls restructured and renumbered. The control families are also realigned to better match current security threats and technology trends. (For more information, see Tetrate’s Guide to FedRAMP Rev. 5.)
  • Expansion of scope to include privacy controls in addition to security controls, reflecting the growing importance of privacy protection in information systems.
  • Greater emphasis on supply chain risk management, including controls related to software supply chain security, reflecting the increasing importance of securing the software development and distribution process.
  • Better alignment with other cybersecurity and privacy frameworks such as NIST’s Cybersecurity Framework (CSF) and Privacy Framework.
  • Increased emphasis on continuous monitoring and improvement of security and privacy controls, aligning with modern cybersecurity practices.

As of May 30, 2023, all new FedRAMP authorizations must comply with SP 800-53 Rev. 5. FedRAMP authorizations already in the initiation or continuous monitoring phase prior to May 30, 2023 may continue to use Rev. 4 baselines, but must identify the delta between their current Rev. 4 implementation and the Rev. 5 requirements and develop plans to address that delta.

## How Does Tetrate Istio Help Meet Rev. 5 Requirements?

FedRAMP Rev. 5 requires FIPS-validated encryption for data in transit. While Istio is the de facto standard security kernel for microservices applications, only Tetrate offers a FIPS-validated distribution of Istio suitable for FedRAMP environments. New in FedRAMP Rev. 5 is a requirement to document the cryptographic modules used to protect data in transit and at rest. Tetrate’s Istio distribution is built into the documentation template (SSP Appendix Q) required for all System Security Plans (SSPs), so when it’s time to pass the Full Security Assessment in the FedRAMP Authorization phase, Tetrate has you covered. Tetrate Istio is also available via approved software factories like the AWS Marketplace for GovCloud and Platform One.

## Get Started with Istio

If you’re new to service mesh and Kubernetes security, we have a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.

If you’re looking for a fast way to get to production with Istio, check out Tetrate Istio Distribution (TID), Tetrate’s hardened, fully upstream Istio distribution, with FIPS-verified builds and support available. It’s a great way to get started with Istio knowing you have a trusted distribution to begin with, an expert team supporting you, and the option to get to FIPS compliance quickly if you need to.

As you add more apps to the mesh, you’ll need a unified way to manage those deployments and to coordinate the mandates of the different teams involved. That’s where Tetrate Service Bridge comes in. Learn more about how Tetrate Service Bridge makes service mesh more secure, manageable, and resilient here, or contact us for a quick demo.
