SD Elements Meets the U.S. DoD Iron Bank Security Requirements

March 23, 2021 Security Compass

DoD Iron Bank

SD Elements, the industry’s first Balanced Development Automation (BDA) platform, is now available in the U.S. Department of Defense (DoD) Platform One Iron Bank repository, which contains authorized container images hardened to the department’s exacting specifications.

This means that developers creating or modifying software applications for federal government agencies and the DoD can deploy software at the speed of mission by building in compliance from the start. They can comply with the standards and streamline their development processes to obtain Authority to Operate (ATO) faster.

Obtain ATO faster

Federal government agencies, departments, and contractors with applications that process or store federal data know they must comply with federal security standards to obtain ATO, which is typically a long and challenging process.

However, many organizations within the federal government and the DoD, including Platform One, the official DevSecOps Enterprise Services team for the DoD, as well as the U.S. Air Force, the U.S. Navy, and the U.S. Securities and Exchange Commission, have used SD Elements to significantly reduce the amount of time required to obtain ATO. For example, a DoD DevSecOps software factory recently used SD Elements to reduce the time required to achieve ATO from 12 months to two weeks. 

The containerized SD Elements platform now available in Iron Bank leverages Docker containers and Kubernetes orchestration. Fast-moving DevSecOps teams within the federal government and the DoD can use the containerized version of SD Elements to automate the generation of software security requirements down to developer-level implementation tasks based on the project’s technology, business, and compliance drivers.

Streamlined acquisition process for federal government agencies and the DoD

License agreements between Security Compass and Platform One on multiple contract pathways make SD Elements available to any federal government agency or DoD DevOps program or initiative, simplifying the acquisition process. 

Developers creating applications for federal government agencies and the DoD can download SD Elements directly into their development environment from Iron Bank. Federal government agencies and DoD DevSecOps teams always have access to the latest accredited version of SD Elements, which has been fully vetted and approved for deployment by the DoD Platform One DevSecOps team.

This enables DevSecOps teams within federal government agencies and the DoD to rapidly acquire and deploy the instances of SD Elements they need to ensure secure coding practices and comply with federal security standards without undergoing a prolonged software purchasing and acquisition process.

Learn more

Security Compass has invested significant additional engineering resources to ensure the new containerized version of SD Elements meets the highest federal government and DoD application security standards. 

The new containerized version of SD Elements in Iron Bank:

  • Helps eliminate security vulnerabilities before scanning begins.
  • Identifies where to focus manual security testing.
  • Scales secure development practices through Just-in-Time Training.
  • Integrates with popular development tools such as Jira and other leading issue trackers so that developers do not have to access a separate system.
  • Enables validation of secure coding standards and controls through integration with popular static and dynamic application security testing tools (SAST/DAST).

The Iron Bank container also enables faster deployment, streamlined upgrades, and rapid scaling of SD Elements across federal government and DoD DevSecOps programs.

To learn more about how you can use SD Elements as a part of your DevOps program to shift left, and build security and compliance in at the very beginning to achieve faster time to ATO, please read this blog.
