FileCloud Now Runs RHEL 8 with DISA STIG Profile

November 19, 2021

At FileCloud, we’re always working to make sure our system fulfills the security requirements of companies and organizations, specifically compliance with government regulations. To accomplish this, FileCloud offers top-notch security features such as virus and ransomware protection, advanced digital rights management and folder permissions, and DLP and two-factor authentication. Additionally, FileCloud’s compliance dashboard helps compliance […]

At FileCloud, we’re always working to make sure our system fulfills the security requirements of companies and organizations, specifically compliance with government regulations. To accomplish this, FileCloud offers top-notch security features such as virus and ransomware protection, advanced digital rights management and folder permissions, and DLP and two-factor authentication. Additionally, FileCloud’s compliance dashboard helps compliance officers and administrators remain in line with ITAR regulations and will soon also provide support for GDPR and HIPPA requirements.

Now, it is even easier for government agencies, specifically the US DoD (Department of Defense), to run FileCloud in accordance with their guidelines because it can now run on RHEL 8 with DISA STIG Profile.

What is DISA?

DISA, (or The Defense Information System Agency) is a combat support agency that supports the DoD specifically with IT and communications (essentially how information is distributed, managed, and organized).

Every organization has different internal regulations and requirements, and governmental agencies often have more than usual, specifically for the security of the US and its government. That’s where STIGs come in.

What are STIGs?

STIGs (or Security Technical Implementation Guides) are guides that DISA releases specifically based on use of an application within DoD agencies. These guides essentially tell anyone working for the DoD how they must handle the software and systems they use.

DISA puts out and maintains hundreds of STIGs to ensure DoD information is being kept and shared securely.

These regulations might seem like a lot of work, but these STIGs allow developers and administrators to properly maintain software and hardware, update protocols, and even identify security weaknesses or issues in code.

There are three different DISA STIG categories organized from the severity of risk (that could result in intense consequences if not taken, including loss of life, mission failure, and not being able to operate) to less severe risks (like increased vulnerabilities, delays, and inaccurate information).

Essentially, if FileCloud needs to be run within the DoD (based on how the DoD agency wants to use FileCloud) DISA gives the agency a list of STIGS to comply with in order to run FileCloud while still following regulations. This includes being able to run FileCloud within RHEL 8 as long as the STIGs are followed.

What is RHEL 8?

RHEL 8 is developed by Red Hat, and, according to Red Hat, “gives organizations a consistent OS across public, private, and hybrid cloud environments. It provides version choice, long life-cycle commitments, a robust ecosystem of certified hardware, software, and cloud partners, and now comes with built-in management and predictive analytics.”

This, in essence, turns on controls at the OS level. With specific controls on, the OS limits application installing, running, and even forces certain behaviors on the application.

DISA recently worked with Red Hat to develop and release a STIG for RHEL 8 that is approved to run within the DoD as long as the STIG is properly followed.

How Does this Apply to FileCloud?

As always, we want FileCloud to be useful and compliant within all companies and organizations, and specifically within the DoD. Prior to enabling FileCloud to run on RHEL 8 with DISA STIG controls, we had already worked on similar capabilities, such as running FileCloud on Centos with FIP-140 control enabled at the OS level, so we knew it was possible.

Why We Did It?

At FileCloud we encourage all our employees to speak up, from marketing to sales, and one of our amazing sales team members saw the need for FileCloud to run on RHEL 8 with a DISA STIG profile.

The problem was brought forward, and our sales team worked with our development team in order to find a solution. Ultimately, we were able to make it so that FileCloud can be installed on RHEL 8 with DISA STIG controls on.

What this Means for The US Department of Defense and FileCloud

As we said at the beginning of this blog, we’re always working to make it easy for users to use FileCloud. Sometimes this means adding new features like Workflow Automations and an ITAR Compliance Center, other times it means working within DISA STIGs in order to make it easier for DoD agencies to use FileCloud even within their regulations.

Now that FileCloud runs on RHEL 8 with DISA STIG controls, it’s easier than ever for the DoD to use FileCloud’s secure storage and file sharing system, along with its other impressive benefits and features like advanced DLP, integrations with systems like Microsoft Office, Teams, and Only Office, and Metadata management and personalized branding.

By Megan Barnard

Jr. Content Marketing Strategist