Anchore Delivers New Automated Policies that Accelerate FedRAMP Compliance for Containerized Applications

SANTA BARBARA, Calif., March 31, 2021 /PRNewswire/ — Today Anchore, the leader in continuous security and compliance for containers, announced the release of a new FedRAMP policy pack. This proprietary policy scanning pack will help software vendors and cloud service providers identify and resolve compliance issues for containerized applications and shorten the timeline to achieve a FedRAMP authority to operate (ATO) certification.


The new policy pack provides pre-built checks for FedRAMP controls that apply to containers. It will help organizations meet the supplemental requirements within the 6-month deadline specified in the Vulnerability Scanning Requirements for Containers document released by FedRAMP in March 2021.

Use of Anchore and the FedRAMP policy pack will:

  • Scan and assess images to identify which FedRAMP controls are failing and provide the specific changes needed to remediate the issue;
  • Harden container images to meet FedRAMP scanning requirements;
  • Embed the needed security and compliance checks into the container build, test, and orchestration pipeline;
  • Monitor containers in the registry and running in production and ensure they have been scanned within the required 30-day scanning window;
  • Generate a container workload artifact report for use with federal assessors and third-party assessor organizations (3PAO).

It is critical that enterprises remediate issues and identify vulnerabilities within containers and open source components, especially with the rise of software supply chain attacks,” said Daniel Nurmi, CTO and Co-Founder of Anchore. By applying FedRAMP policies and mapping back to specific checks within the NIST 800 compliance control set, were helping companies expedite the time to reach FedRAMP authorization and reduce their costs to maintain compliance.”

Learn how to expedite FedRAMP authorization of containerized applications in a free webinar on Thursday, April 8, 2021. Join Anchore engineers as they discuss the necessary steps to meet requirements of the FedRAMP vulnerability scanning requirements for containers:

For information on how Anchore can assist in the FedRAMP qualification process or to request a demo go to

About Anchore

Anchore accelerates the development of secure and compliant cloud-native applications. Our suite of container security solutions seamlessly embeds in the DevOps lifecycle with continuous security and compliance checks early in the software development process. From sourcing to CI/CD pipelines to production, Anchores solutions protect the software supply chain and prevent container security risks from reaching production. Using Anchore as part of the DevSecOps toolchain creates a reliable way to detect issues earlier, save developers time and lower the cost to fix vulnerabilities. Built with an open source foundation, Anchore solutions provide transparency into source code and the benefit of peer reviews.

Headquartered in California with offices in Virginia and the UK, Anchore customers include large enterprises and government agencies that require secure and compliant cloud-native applications. To learn more about Anchores solutions, visit

Note to press:

–       Experts available for interview upon request

–       Screen grab images available for publication

Media Contact:

Brandie Gerrish

[email protected] 

Cision View original content to download multimedia:

SOURCE Anchore

MENTIS Inc. launches MENTIS R21 – a revolutionary update that offers best-in-class data security and a revamped customer experience.

phoenixNAP Improves Multi-Cloud Connectivity with Megaport Cloud Router