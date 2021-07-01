Anchore's approach to STIG validation is based on deep experience working with the U.S. Department of Defense Tweet this

Anchore's approach to STIG validation is based on deep experience working with the U.S. Department of Defense and branches of the U.S. Armed Forces. The new STIG compliance capability performs the checks on running container instances using a lightweight agent which passes the result back to the Anchore Enterprise. The results are queried programmatically through an API that can be used to prove the compliance of an image for auditors or used as part of a policy to warn or fail a deployment.

"This new capability is based on collaboration with multiple agencies in the federal government and addresses the pain points they identified in automating the STIG process in a containerized environment," said Neil Levine, Vice President of Product for Anchore. "Now, federal agencies can streamline DevSecOps for cloud-native applications by combining automated STIG checks and other security controls for a unified view of compliance."

STIGs are configuration standards for information systems across the U.S. Department of Defense to ensure software security and decrease vulnerabilities. More information can be found at the DoD Cyber Exchange website.

Learn more about Anchore Enterprise 3.1 and the federal edition with automated STIG compliance checks here.

