Compliance is often the first question for anyone implementing Red Hat OpenShift but also the hardest to answer. An even harder question to answer is how to implement identity management compliance for OpenShift, but the question is really about bridging the gap between people who write compliance requirements, people who audit those requirements, and people who implement the technology.
In this session, targeted to security specialists responsible for reviewing OpenShift deployments and those trying to build a compliant solution with OpenShift, I’ll provide a map to help explain what compliance really means, how OpenShift is deployed, and how OpenShift technology is implemented to meet compliance requirements, including examples from National Institute of Standards and Technology (NIST) 800-53, NIST 800-63 and the Criminal Justice Information Services (CJIS), mapped to a technology implementation. This map will help auditors better understand the compliance of identity management in OpenShift.
The content for this session is based on my blog post: tremolosecurity.com/openshift-compliance-and-identity-management/