Description
A FIPS-validated, security-hardened base container image designed for enterprise environments requiring strict compliance and enhanced security measures. It features comprehensive STIG hardening, a minimal attack surface, and validated cryptographic modules for regulated industries.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 validated cryptographic modules
- STIG-compliant security configurations
- Minimal base image with reduced attack surface
- Enterprise-grade security controls

Common Use Cases
Typical scenarios where this container excels

- Government and military applications
- Financial services and banking systems
- Healthcare information systems
- Regulated industry deployments

Pull Latest Image
Download the container image from the registry

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest-dev
```

Basic Run
Run the container with basic configuration

```bash
docker run -it --name cleanstart-base-fips-test clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest-dev
```

Production Deployment
Deploy with production security settings

```bash
docker run -d --name cleanstart-base-fips-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest
```

Volume Mount
Mount local directory for persistent data
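
```bash
# Quote the bind-mount source so a working directory containing spaces still mounts correctly
docker run -v "$(pwd)/data:/data" clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest
```

Port Forwarding
Run with custom port mappings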

```bash
docker run -p 8080:80 clnstrt-images.cleanstart.com/$ORGANIZATION/cleanstart-base-fips:latest
```

Environment Variables
Configuration options available through environment variables

FIPS_MODE       FIPS mode configuration     enabled
STIG_PROFILE    STIG compliance level       high
AUDIT_LEVEL     Audit logging level         basic
CRYPTO_POLICY   System-wide crypto policy   FIPS:OSPP

Security Best Practices
Recommended security configurations and practices

- Verify FIPS mode is enabled using fips-mode-setup --check
- Implement mandatory access controls
- Configure audit logging for compliance
- Use security-enhanced Linux (SELinux) policies
- Regular security compliance scanning
- Monitor cryptographic operations
- Implement secure key management
- Regular security patch updates

Kubernetes Security Context
Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seLinuxOptions:
    type: container_t
```

Documentation Resources
Essential links and resources for further information