Strategy for a compliant NIST 800-171 web app deployment in AWS

old.reddit.com / @/u/NoInstruction105, https://old.reddit.com/user/NoInstruction105

I'm trying to deploy several Docker containers (that operate on CUI data) into an AWS environment. These containers serve a web app that I want internal users at our company to be able to access via their web browser.

As this system will operate on CUI data, we've started out by deploying the NIST 800-171 Conformance Pack into AWS Config to help ensure our AWS resources and network configurations are in compliance.

I'm struggling to come up with a good strategy to enable this deployment that doesn't break one of the rules of the conformance pack. Specifically, the rules that no EC2 instances or VPC subnets can have public IP addresses associated with them are particularly limiting. Basically every strategy I've thought of (e.g. using a bastion host, VPN, cloudflared, etc.) would require at least a public subnet within the VPC of the deployment in order to work.

Has anyone else solved this problem? Or have any ideas how this deployment could work? Thank you.

submitted by /u/NoInstruction105

published 11 months ago



