CISOs and DPOs guide overview#

Stakater uses a Risk and Compliance as Code (RCaC) approach to embed compliance practices directly into infrastructure and workflows, making compliance an automated, continuous process rather than a manual one.

KubeStack+ gives your teams automated checks, auditable policies, and streamlined workflows to mitigate risks and maintain compliance with GDPR, NIST, ISO 27001, BSI IT-Grundschutz, and other standards.

The supported compliance frameworks fall into two categories:

1. General frameworks#

These frameworks apply across industries and provide high-level best practices for security, privacy, and risk management. KubeStack+ supports measures aligned with:

  • International Organization for Standardization (ISO) 27000 series, which specifies requirements and best practices for information security management systems, with ISO/IEC 27001 as the certifiable standard
  • National Institute of Standards and Technology (NIST) SP 800-171, which defines security requirements for protecting controlled unclassified information (CUI) in non-federal systems and organizations
  • General Data Protection Regulation (GDPR), which governs data privacy and protection in the European Union
  • BSI IT-Grundschutz, developed by the German Federal Office for Information Security (BSI) as a methodology and catalogue of measures for information security management
  • Center for Internet Security (CIS) Benchmarks, which provide globally recognized secure configuration guidelines for systems and applications
  • SOC 2 Type 2, which evaluates the operational effectiveness of an organization's security, availability, processing integrity, confidentiality, and privacy controls over a defined period

2. Industry-specific standards#

These standards address the compliance, security, and operational requirements of specific industries. KubeStack+ incorporates relevant measures to help your organization meet requirements in areas such as:

  • Patient data protection in healthcare (HIPAA)
  • Operational resilience in financial services (DORA, the EU Digital Operational Resilience Act)

KubeStack+ aligns with both general frameworks and industry-specific standards to help your organization remain secure and compliant.

Disclaimer#

Implementing the measures described in this document and using the technologies mentioned does not guarantee compliance with any specific regulations, certifications, or guidelines. This document is a starting point for defining measures based on your organization's unique requirements, technological setup, and protection needs.

The information in this document is for general informational purposes only. Any liability for the completeness, accuracy, timeliness, or reliability of the content is expressly excluded. Consult legal, compliance, or technical experts to ensure your specific compliance and security needs are adequately addressed.