Looking to accelerate your FedRAMP compliance process?

Try Koala Images

FedRAMP has established specific requirements for container security and vulnerability management that CSPs must adhere to for both initial authorization and ongoing compliance.

FedRAMP Vulnerability Scanning Requirements

Initially published March 2021.

FedRAMP Vulnerability Scanning Requirements

Version 3.0, February 2024.

Hardened Container Images

CSPs must only use “hardened” container images that follow NIST SP 800-70 benchmarks and are validated by a third-party assessment organization (3PAO).

30-Day Scanning Window

Container images must be scanned every 30 days to remain eligible for use in production environments.

Vulnerability Tracking

Each vulnerability must be tracked as a separate item in a Plan of Action and Milestones (POA&M) with assigned owners, estimated remediation timelines, and required resources.

CVE Remediation Timelines

High-risk vulnerabilities must be remediated within 30 days, while all vulnerabilities must be addressed within 180 days of first appearance.

Asset Inventory Management

CSPs must assign unique asset identifiers to every class of container image and document them in the FedRAMP Integrated Inventory Workbook Template.

Encryption Requirements

Data in transit between containers must be protected with appropriate SC-8 controls.

Meeting these requirements presents significant challenges for organizations, particularly as research shows that popular container images can accumulate one new vulnerability per day when not updated regularly.

About Koala Images

Koala Images offers enterprise-ready, hardened open-source container images that dramatically reduce the overhead of achieving and maintaining FedRAMP compliance. Our solution is built on our expertise in container security, having previously executed successful Golden Image Programs for major enterprises.

Our preliminary research shows that moving to hardened container images like Koala Images isn't just imperative for security but also delivers significant performance benefits. Compared to standard base images like Debian Bullseye, our Python base images showed:

How Koala Lab Images Can Help

1. Hardened Base Images with Minimal Attack Surface

Koala Images are built using a secure-by-design approach, minimizing the attack surface while maintaining full functionality. Our images contain only the essential components required for operation, eliminating unnecessary packages that could introduce vulnerabilities.

2. Vulnerability Remediation SLA

We provide competitive service level agreements (SLAs) for vulnerability remediation, ensuring that new vulnerabilities are addressed within FedRAMP-compliant timeframes. This drastically reduces the burden on your security teams to constantly monitor, triage, and remediate vulnerabilities in container images.

3. Continuous Compliance Support

Our images are continuously updated to remain compliant with the latest security standards and patched against emerging threats. This ongoing maintenance helps you meet FedRAMP's continuous monitoring requirements without dedicating extensive internal resources.

4. FedRAMP-Ready Documentation

Koala Images come with comprehensive documentation that supports your FedRAMP authorization process, including:

  • Detailed Software Bill of Materials (SBOMs)

  • Vulnerability assessment reports

  • Configuration compliance documentation

  • Security hardening evidence

5. Developer-Friendly Design

Despite their hardened security posture, Koala Images remain developer-friendly, supporting a wide range of programming languages and frameworks. This ensures your development teams can build secure applications without sacrificing productivity or introducing unnecessary complexity.

6. Enterprise Support

Our team includes experienced security professionals who have previously implemented successful container security programs at scale. We provide expert guidance throughout your FedRAMP journey, from initial assessment to continuous monitoring.

Start Your FedRAMP Journey with Koala Images

For CSPs, solutions providers, and federal agencies looking to achieve or maintain FedRAMP authorization, Koala Images provides a foundation that significantly reduces the time, resources, and complexity involved in security compliance.

Our hardened, continuously updated images can help you navigate the challenging FedRAMP landscape with confidence, allowing your teams to focus on innovation rather than constantly fighting security vulnerabilities.

Contact Us

Ready to accelerate your FedRAMP journey?

Contact our team to learn more about custom pricing, FedRAMP-compliant image options, and how Koala Images can support your specific compliance needs.
