Fugue launched the Fugue Compliance Suite to make it easier for enterprises to validate cloud infrastructure against security and compliance policy to prevent data breaches. Included in the Fugue 1.8 product release, the Compliance Suite contains pre-built validations expressed in policy-as-code libraries that are mapped to AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, and HIPAA.
“As enterprise cloud adoption increases, so have data breaches and other security and compliance incidents due to cloud misconfiguration exposure,” said Phillip Merrick, CEO of Fugue. “Because of this, cloud security and compliance are now top enterprise priorities, but it’s important that solutions don’t slow the pace of innovation. The Fugue Compliance Suite is designed to help cloud teams move fast and at scale to ensure that compliance policy is continuously enforced at every stage.”
Cloud infrastructure and security teams can use the Fugue Compliance Suite to identify compliance violations. This allows teams to establish known-good infrastructure baselines that can be replicated, shared, scaled, and continuously enforced.
Automated policy checks can be integrated into CI/CD pipelines to support DevOps while preventing resources that violate compliance standards from being provisioned. For running infrastructure, Fugue identifies unauthorized changes and reverts them back to a known-good baseline. This eliminates critical vulnerabilities the moment they occur.
The Fugue Compliance Suite includes pre-built, policy-as-code libraries for the following compliance regimes:
- NIST 800-53 Rev. 4 (National Institute of Standards and Technology). A catalog of security controls developed by NIST that are used to protect federal government information systems.
- AWS CIS Benchmarks (Center for Internet Security). Consensus-based industry best practices to help organizations assess and improve their security.
- HIPAA (Health Insurance Portability and Accountability Act). Law requiring all HIPAA-covered businesses to prevent unauthorized access to Protected Health Information (PHI).
- GDPR (General Data Protection Regulation). Controls to enforce the European Union regulation for protecting the personal data and privacy of individuals within the EU and European Economic Area (EEA).