Today we are glad to announce that we have added NIST Compliance to our Proactive Compliance Packages enforcement, as part of the Terraform CI/CD solution.

ControlMonkey Terraform CI/CD solution enables DevOps teams to proactively enforce compliance and security policies during the infrastructure CI/CD and prevent issues and misconfigurations in production.

Starting today, our users can enforce NIST 800-53 compliance standards on any Terraform pull request, and ControlMonkey will validate the resources configuration, as part of the infrastructure CI/CD.

Organizations usually run compliance validations in a detective way, after the resources are deployed to production, using tools like AWS Security Hub.

This capability enables DevOps teams to easily enforce NIST Compliance standards proactively, rather than responding to non-compliant resources in production, and risk getting penalized for NIST compliance violations.

If regulation requires your infrastructure to be NIST compliant, you can validate every resource’s compliance proactively, out of the box, with zero effort.

On top of that, users have enhanced customization and granularity and can enforce compliance using various enforcement levels and apply them to specific stacks or namespaces.

Shift left your infrastructure compliance, keep your environment in ‘Always-Compliant’ mode, and allow your team to build faster without sacrificing control.

Today we are super excited to announce the latest capability we added to our Terraform CI/CD solution, which is an absolute game-changer for compliance enforcement, ‘Proactive Compliance Packages’.

Compliance Packages for Terraform & OpenTofu

ControlMonkey Terraform CI/CD solution enables DevOps teams to enforce compliance and security policies proactively during the infrastructure CI/CD, and therefore prevent issues and misconfigurations in production.

So starting today, we are offering our users to enforce compliance standards such as PCI-DSS and CIS-AWS V1.4 on any Terraform pull request, and ControlMonkey will validate the resources configuration, as part of the infrastructure CI/CD.

DevOps teams no longer need to manually configure policies that represent the compliance standard their organization is obligated to, they can enforce that standard on any configuration change, in a few clicks.

By doing that, you’re actually preventing any non-compliant resources from reaching your production environment!

Benefits of Compliance Packages for Terraform and OpenTofu

This capability enables DevOps teams to easily enforce the required Compliance standard proactively, rather than responding to non-compliant resources in production, and risk getting penalized for compliance violations.

Companies usually run compliance validations in a detective way, after the resources are deployed to production, using tools like AWS Security Hub.

‘Proactive Compliance Packages’ are comprised of ControlMonkey’s Managed Policies, built-in policies that are managed and constantly maintained by our engineering team.

1 Click Compliance Packages

If you are required to be PCI-DSS compliant, you can validate every resource’s compliance proactively, out of the box, with zero effort.

On top of that, users have enhanced customization and can enforce compliance using various enforcement levels and apply them to specific stacks or namespaces.

Shift left your infrastructure compliance, keep your environment in ‘Always-Compliant’ mode, and avoid paying unnecessary penalties.

We are proud to announce the release of our latest enhancement to ControlMonkey Terraform CI/CD solution, managed policies for security.

Our Terraform CI/CD solution enables DevOps to proactively set preventive security controls (Control Policies) on any new pull request.
Up until today, ControlMonkey users easily created custom security policies that enforced their organization’s security standards, and now with this release, these policies are available out of the box.

ControlMonkey’s managed policies for security are predefined policies, which are managed and maintained by ControlMonkey.
Rather than writing and maintaining common security policies from scratch (with OPA or any equivalent language), we are now offering proactive managed policies for security, right out of the box.

Additionally, DevOps teams can choose on which namespaces or stacks these policies will be enforced, and also the enforcement level (warning or block).
So if you need to separate and divide your policy enforcement across environments, you now have the deeper level of granularity to do so.

The advantages of the ControlMonkey Managed Policies Solution:

• You get a library of pre-defined security policies to choose from, straight out of the box.
• Save time on writing, managing, and maintaining these policies, ControlMonkey does all the heavy lifting for you.
• By shifting left your security, you are:
  • Preventing security issues before they reach production
  • Saving time on manual code review when making a change or rolling back when needed.
  • Educating the DevOps team on the organization’s security standards

This feature came as a request we got from a few of our customers, so we are glad to see this come to life.
We are proud to collaborate with our customers on designing and building the ControlMonkey platform.

Today ControlMonkey is happy to announce a new capability that enables our users to take a Proactive FinOps approach by setting custom ‘Cost Policies’ on their cloud environment as part of their Terraform pipeline.

ControlMonkey’s Control Policies serve as proactive controls as part of our GitOps CI/CD Pipeline and help DevOps avoid errors and misconfigurations in production environments.
Leveraging Cost Policies is the best practice for enforcing budget restrictions in your cloud environment before resources are provisioned and before costing you money.

With the new ‘Cost Policy’ rule, ControlMonkey automatically alerts the user or blocks an infrastructure deployment in case the newly provisioned resources cost more than allowed (Threshold is configurable).

Don’t react to costly FinOps mistakes in production, prevent them from happening.

Today ControlMonkey is happy to announce a new Control Policy type – ‘Property Condition’ that enhances our users’ ability to set custom preventive conditions on their cloud resources as part of their Terraform pipeline.

ControlMonkey’s Control Policies serve as preventive controls as part of our GitOps CI/CD Pipeline and help DevOps avoid errors and misconfigurations in production environments.
Leveraging Control Policies is the best practice for enforcing security and compliance in your cloud environment.

Using the new ‘Property Condition’ Control Policy, DevOps teams are now able to set any rule on any resource they wish, without even writing a single line of code (vs other options like writing OPA or Sentinel Code).

For example:

• Denying creating of load balancers without SSL configuration

• Denying creation of EBS volumes with the type of gp2.

• Allowing route 53 record TTL to be less than 60 seconds only.

By setting preventive conditions on any cloud resource before it’s being provisioned, DevOps teams gain better control and governance over their cloud environment and overall improve their security and compliance posture.