SD Elements is now available in the U.S. Department of Defense (DoD) Platform One Iron Bank repository which contains authorized container images hardened to the department’s exacting specifications.
This means that developers creating or modifying software applications for the federal government agencies and the DoD can deploy software at the speed of mission by building in compliance from the start. They can comply with the standards, and streamline their development processes to obtain Authority to Operate (ATO) faster.
Obtain ATO faster
Federal government agencies, departments, and contractors with applications that process or store federal data know they must comply with federal security standards to obtain ATO, which is typically a long and challenging process.
However, many organizations within the federal government and the DoD, including Platform One, the official DevSecOps Enterprise Services team for the DoD, as well as the U.S. Air Force, the U.S. Navy, and the U.S. Securities and Exchange Commission, have used SD Elements to significantly reduce the amount of time required to obtain ATO. For example, a DoD DevSecOps software factory recently used SD Elements to reduce the time required to achieve ATO from 12 months to two weeks.
The containerized SD Elements platform now available in Iron Bank leverages Docker containers and Kubernetes orchestration. Fast-moving DevSecOps teams within the federal government and the DoD can use the containerized version of SD Elements to automate the generation of software security requirements down to developer-level implementation tasks based on the project’s technology, business, and compliance drivers.
Streamlined acquisition process for the federal government agencies and the DoD
License agreements between Security Compass and Platform One on multiple contract pathways make SD Elements available to any federal government agency or DoD DevOps program or initiative, simplifying the acquisition process.
Developers creating applications for the federal government agencies and the DoD can download SD Elements directly into their development environment from Iron Bank. Federal government agencies and DoD DevSecOps teams always have access to the latest accredited version of SD Elements, which has been fully vetted and approved for deployment by the DoD Platform One DevSecOps team.
This enables DevSecOps teams within the federal government agencies and the DoD to rapidly acquire and deploy the instances of SD Elements they need to ensure secure coding practices and comply with federal security standards without undergoing a prolonged software purchasing and acquisition process.
Security Compass has invested significant additional engineering resources to ensure the new containerized version of SD Elements meets the highest federal government and DoD application security standards.
The new containerized version of SD Elements in Iron Bank:
- Helps eliminate security vulnerabilities before scanning begins.
- Identifies where to focus manual security testing.
- Scales secure development practices through Just-in-Time Training.
- Integrates with popular development tools such as Jira and other leading issue trackers so that developers do not have to access a separate system.
- Enables validation of secure coding standards and controls through integration with popular static and dynamic application security testing tools (SAST/DAST).
The Iron Bank container also enables faster deployment, streamlined upgrades, and rapid scaling of SD Elements across the federal government and the DoD DevSecOps programs.
To learn more about how you can use SD Elements as a part of your DevOps program to shift left, and build security and compliance in at the very beginning to achieve faster time to ATO, please read this blog.
About Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. For more information, please visit www.securitycompass.com.