Nova Container Platform Special Edition: FSTEC Level 4 Security

      Nova Container Platform Special Edition from Orion soft has received an FSTEC of Russia certificate of the 4th level of trust and is ready for use in critical IT perimeters. IT-World explains how the platform combines Kubernetes functionality with built-in protection measures and regulatory compliance.

      Customer IT infrastructure in critical information infrastructure (KII) perimeters and in other environments with heightened security requirements is increasingly built on microservice architectures and containerization. These technologies bring flexibility and scalability, but they also raise the bar for security control, especially in government information systems, personal-data processing and KII assets. In such environments the platform's functionality matters, but so does its compliance with regulator requirements.

      This summer, Orion soft's containerized application management platform, Nova Container Platform, received certificate No. 4943 from FSTEC of Russia, permitting its use in protected IT perimeters. The certified edition, Nova Container Platform Special Edition, includes all of the basic edition's functionality, supplemented with built-in protection against unauthorized access in accordance with FSTEC of Russia requirements for containerization tools at the 4th protection class (the certificate itself attests to the 4th level of trust). At the time of writing, it is the most feature-rich containerization platform certified by FSTEC in Russia.

      What FSTEC certification provides

      The certificate of conformity confirms that the product passed tests covering: vulnerability checks of the product and its components; analysis of the security architecture and of configuration correctness; source code review with static and dynamic analysis and fuzz testing; analysis of the security of the build infrastructure and build automation; penetration testing; and assessment of compliance with information protection requirements.

      With an FSTEC of Russia certificate at the 4th level of trust, the platform can also be used as an information protection tool, including:

      - in industrial control systems (ICS) up to Protection Class 1, including hazardous and potentially hazardous industrial facilities;

      - in state information systems (GIS) up to Protection Class 1;

      - in the infrastructure of companies processing personal data up to Protection Level 1;

      - at significant KII sites up to and including Category 1 significance.

      Platform-level security

      Nova Container Platform Special Edition contains built-in protection mechanisms applicable at both the infrastructure and application levels:

      - Container and cluster component scanning — Kubernetes versions, images, runtimes and external registries are analyzed against a CVE database with vulnerability classification and remediation recommendations; the Russian BDU FSTEC vulnerability database (bdu.fstec) is also integrated.

      - Image and container integrity control — a trusted-launch mechanism with image signature verification and runtime policy management.

      - Authentication and access management — RBAC, integration with external identity management systems (e.g., FreeIPA, Keycloak) and separation of access rights.

      - Security event logging — a centralized logging system with report export, filtering, configurable dashboards and SIEM integration.

      - Network-level security policies — traffic between containers is controlled and workloads can be isolated from one another.

      Because these mechanisms are built in, some protection requirements can be met by the platform itself, reducing the load on external security tools.

      Integrations with security tools

      Nova SE includes an integrated security platform for container environments built on NeuVector. It provides:

      - observability of vulnerabilities across the cluster. The built-in NeuVector scans platform and application components at several levels: the Kubernetes version, cluster nodes, running applications and external registries. For applications running inside Nova it reports which libraries and components they consist of, which vulnerabilities those carry and their severity, with links to the specific CVEs and remediation recommendations;

      - a policy engine for authoring custom security policies at the Kubernetes level, for running applications and for traffic inside the cluster;

      - an analytics and reporting module for security events. A report on discovered vulnerabilities and incidents, tied to components and severity levels, is available in one click, and such slices can be exported and compared across periods for reporting.

      All of this is managed from a single GUI in which the security team sees what is happening in the cluster, manages policies and network connections, monitors anomalies in traffic between containers and detects unwanted actions through behavioral analysis.

      Nova SE also includes the StarVault secret store for centralized management of credentials, tokens, certificates and keys. Integration with LDAP/AD and automatic issuance and rotation of PKI certificates simplify secret management in a microservice architecture.

      Management and infrastructure

      In addition to container management, Nova SE integrates with other solutions from the Orion soft ecosystem:

      - zVirt Max — the certified edition of the zVirt virtualization platform, which meets FSTEC security requirements (FSTEC certificate No. 4780). Compatibility with zVirt Max is guaranteed by the developer, and the integration allows containers and virtual machines to be managed from a single pane of glass.

      - Cloudlink — a cloud management platform (CMP) for multi-cluster management, including billing and resource accounting; compatibility is maintained as in the basic edition.

      The platform also supports CSI storage drivers, automatic scaling and updates, and an API-first approach, which eases integration into existing CI/CD pipelines and monitoring systems.

      Use case: VSK

      One of the major customers using Nova is VSK Insurance House. The choice was driven by modules important to VSK: a set of monitoring tools, fault-tolerant logging and a built-in security platform for centralized security management across clusters. Orion soft specialists implemented the solution in several stages: first configuring and testing it inside VSK's closed perimeter, then integrating it with the Marlin CI/CD platform, and finally preparing the platform for scaling.

      Notably, the presence of built-in protection mechanisms made it possible to reduce the number of external components and simplify maintenance.

      Conclusion

      Nova Container Platform Special Edition is a container infrastructure management platform that combines a full-featured implementation of Kubernetes with additional components for security and regulatory compliance. It meets the needs for certified protection tools, supports industry standards for working with microservices, and is suitable for use in critical sectors.

      The platform addresses the import-substitution task without degrading operational characteristics, while providing ready-made mechanisms for meeting information protection requirements, which is particularly relevant for the government and industrial segments.

      We invite those who want to learn more about practical experience in implementing container platforms and modern approaches to building them to the Orion Digital Day conference, which will be held on September 25. The program includes discussion of current containerization solutions, with a focus on security and regulatory compliance. Registration is open.

      Advertisement: Orion LLC erid: 2W5zFG3Bq1r