We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks.
As a reminder, a validation is a type of “policy as code” that tests your infrastructure. If a validation fails, for example because an S3 bucket has been defined in an unpermitted AWS region, then the infrastructure code will not compile and cannot be deployed.
Our Compliance Suite validations ensure that infrastructure does not violate controls specified in a compliance framework. For example, if a control requires logging to be enabled, then Fugue validates that all cloud resources with logging capabilities have logging turned on. If it is not on, then Fugue generates an error similar to what is shown here, where the controls in violation are listed:
To get started with the Compliance Suite, all you need to do is add import Fugue.Compliance.NIST (or HIPAA, etc.) to the top of your composition or upload the library to your Conductor at runtime. In the latter case, the Conductor will prevent any non-compliant infrastructure from being deployed, even if the infrastructure file does not explicitly load the compliance library.
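The validation gate described above, modelled in Python as an added example; it is not Fugue code or Fugue's validation language. The control labels, the region allow-list, and all function and class names are assumptions made for illustration, and the resources are constructed sample data.

```python
# Added illustration: a policy-as-code gate that refuses to "compile" on violations.
from dataclasses import dataclass

PERMITTED_REGIONS = {"us-east-1", "us-west-2"}  # assumed allow-list

@dataclass
class Resource:
    name: str
    kind: str
    region: str
    logging_enabled: bool

# Each validation returns a placeholder control label when violated, else None.
def region_permitted(r):
    return None if r.region in PERMITTED_REGIONS else "CONTROL-REGION (placeholder)"

def logging_on(r):
    return None if r.logging_enabled else "CONTROL-LOGGING (placeholder)"

class ValidationError(Exception):
    def __init__(self, violations):
        self.violations = violations
        super().__init__("; ".join(f"{name}: {ctl}" for name, ctl in violations))

def compile_composition(resources, imported=(), conductor_level=()):
    """Apply validations imported by the composition plus any loaded on the
    conductor; raise, listing the violated controls, if a check fails."""
    checks = list(dict.fromkeys([*imported, *conductor_level]))  # de-duplicate
    violations = [(r.name, ctl) for r in resources
                  for check in checks if (ctl := check(r))]
    if violations:
        raise ValidationError(violations)
    return resources  # reached only when nothing is violated

# Constructed sample input: one compliant bucket, one violating both checks.
SAMPLE = [
    Resource("audit-logs", "s3_bucket", "us-east-1", True),
    Resource("scratch", "s3_bucket", "eu-central-1", False),
]

def violations_for(resources, **kwargs):
    """Return the list of (resource, control) violations, empty if it compiles."""
    try:
        compile_composition(resources, **kwargs)
        return []
    except ValidationError as err:
        return err.violations
```

With no validations loaded the sample passes; loading them at the conductor level blocks it even though the composition imports nothing.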
It is important to note that while the Compliance Suite helps to ensure the compliance of infrastructure, a set of infrastructure resources is not compliant just because it passes all of our validation checks. Passing a compliance audit requires explicit approval by an independent auditor who will comprehensively review an organization’s processes and security controls. Verifying that deployed infrastructure passes Fugue’s rigorous controls will definitely help to demonstrate compliance, but the auditor will make the final call.
Read more about Fugue’s Compliance Suite with predefined validation libraries here.