Hardened Ubuntu Container Images are Now Available in the Iron Bank

Written by

US government agencies and organizations that work with the US public sector can now access STIG hardened Ubuntu container base images on the Iron Bank, Platform One's hardened container image repository.

Platform One is the United States Air Force’s DevSecOps enterprise services team focused on best-in-class secure software delivery.

Ubuntu 20.04 Pro base images with CIS L2 and STIG hardening are now approved by Platform One for inclusion in the repository, enabling Department of Defense (DoD) mission owners, software vendors and enterprises in highly regulated industries to build upon a trusted, secure and stable ecosystem.

“Having Ubuntu as one of the approved base images on the Iron Bank gives our commercial partners and mission owners the flexibility of choice for minimal secure container images and accelerated delivery,” said Lt. Col. Brian Viola, Materiel Leader at Platform One.

“The Iron Bank registry is a value stream that is accessible to all, including third-party software vendors, who, by using these Ubuntu images, can also have their products published as approved for DoD use. We are accelerating innovation, and enabling innovators to focus on solving challenging problems rather than losing time on software maintenance for obtaining accreditations," he added. 

Approved OCI images for Government and Highly-Regulated Industries

To provide the necessary accreditation and speed up the development-to-deployment process, Platform One created the Iron Bank, a continuously updated, scanned and pre-approved repository of hardened containers that supports the CI/CD lifecycle methodologies needed for modern software development. 

“Platform One has allowed the most highly regulated ecosystem to adopt pure cloud-native methodologies and ensure that enterprise-style innovation is available,” said Henry Coggill, Security Certifications Product Manager at Canonical.

Canonical’s production-grade chiselled model reduces known CVEs and the potential zero-day attack surface, simplifying compliance with the Iron Bank’s Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA), all while maintaining enterprise grade support.

Hardened and Continuously-Scanned images

Ubuntu base images on the Iron Bank can be found under the name Ubuntu CIS STIG 20.04. These images have been through the Iron Bank’s accreditation process and are continuously scanned for new vulnerabilities, with the Canonical team on deck to provide timely updates and security patches.

To get started with these new images, simply replace FROM ubuntu:20.04 with FROM registry1.dso.mil/ironbank/canonical/ubuntu-cis-stig-20.04 in Dockerfiles.

Support Available Through Ubuntu Pro

Canonical’s Ubuntu Pro  subscription provides a simple path to secure and support all open source technologies, from the operating system to the application layer. Ubuntu Pro customers enjoy 10 years of security maintenance and have options for 24x7 phone and ticket support. This support is applicable to the Ubuntu container images available on the Iron Bank registry.

Public sector organizations, software vendors and system integrators can now pull containers inside the DoD’s trusted registry to fast-track their ATO processes, with DoD certificate authorities baked into the minimal container. 

Next Steps 

Brought to you by

What’s hot on Infosecurity Magazine?