Chef Advances Security Capabilities for Government and Enterprise Customers with STIG Support, CIS Certifications and FIPS Compliance

Chef, Chef Automate and Chef InSpec further harden and secure infrastructures to accelerate cloud migration

SEATTLE — (BUSINESS WIRE) — Chef, the leader in Continuous Automation, today announced the achievement of three significant security milestones, helping its government and enterprise customers ensure that they can achieve and maintain the secure infrastructure needed to accelerate their cloud strategies. These include Secure Technical Implementation Guidelines (STIG) profiles for RHEL 7 and Windows Server 2016 in Chef InSpec, along with FIPS 140-2 compliance and Center for Internet Security (CIS) certification for AWS Foundations Benchmarks Level 1 and 2 in Chef Automate. Chef is the first CIS partner to achieve certification across AWS, Microsoft Azure and Google Cloud Platform, giving its customers maximum flexibility when choosing and securing cloud platforms.

Chef has worked closely with federal, government and enterprise organizations to automate the way they build and manage their infrastructure and enable compliance as code. The capacity to not only automate configuration but also ensure compliance and remediate vulnerabilities, is critical to automating infrastructure, particularly in highly-regulated industries.

“Chef Automate, Chef InSpec and Chef Habitat are vital to providing complete visibility into one of our largest customer’s environments, which includes more than 200 AWS accounts spread across multiple enclaves,” said Brad Shelton, Cloud Operations and Engineering Team Lead for GDIT. “Chef is essential in providing near-real-time visibility into our configuration, along with security compliance for our customers’, and their internal and external customers’, cloud and data center systems.”

Delivering Apps at Speed with Compliance

Typically, ensuring that compliance standards are met involves slow, manual, post-build security scanning. Unfortunately, this approach catches compliance-related defects far too late in the process, creating work for engineers that can potentially create budget overruns, schedule slippage and dissatisfied users. Chef InSpec incorporates compliance processes into every stage of users’ development cycles, significantly mitigating these concerns. Chef and Chef InSpec enable continuous compliance by allowing customers to automatically resolve potential compliance issues without human intervention.

Securing the Cloud

Cloud platforms offer easy-to-use resources for configuring access control, data storage and virtual networking, giving organizations the tools to scale their environments quickly. But with these new tools come new guidelines and best practices for securing them properly. STIG profiles let Chef customers determine whether their cloud implementations meet the requirements outlined within the benchmarks and provide actionable insights regarding where insecure configurations are found. New CIS benchmarks deliver prescriptive implementation criteria for each cloud provider, while FIPS compliance enables government organizations to take maximum advantage of InSpec compliance automation at scale.

“The security milestones announced today give our customers the tools and the confidence they need to accelerate their most critical cloud initiatives,” said John Snow, Senior Software Development Engineer and Federal Content Lead at Chef. “This work builds on our long history of close collaboration with government users and the organizations that support them, furthering our ongoing commitment to provide the most innovative and easy-to-use application delivery and compliance automation solutions available to organizations of all types.”

For more details on how organizations can use Chef and InSpec automation to achieve federal compliance, check out the latest blog post here. More information on Chef’s CIS partner certification for AWS, Azure and GCP is available in this blog.


About Chef

Chef is the leader in Continuous Automation software, an innovator in cloud native operations and one of the founders of the DevOps movement. Chef works with more than a thousand of the most innovative companies around the world to deliver their vision of digital transformation, providing the practices and platform to deliver software at speed. Chef Automate is Chef’s Continuous Automation Platform which is powered by an awesome community and open source software engines: Chef for infrastructure,Chef Habitat for applications, andChef InSpec for compliance. For more visit


# # #

Media Contact:
Ellie O’Rourke
Mindshare PR
+1 425 233 2092