Containerized version of SD Elements is the first container solution to support Balanced Development Automation for federal government DevSecOps teams
March 16, 2021 08:00 AM Eastern Daylight Time
TORONTO--(BUSINESS WIRE)--Security Compass, developer of the industry’s first Balanced Development Automation (BDA) platform, today announced that their flagship product, SD Elements, is now available in the U.S. Department of Defense (DoD) Platform One Iron Bank repository. As part of the Iron Bank repository, SD Elements is pre-approved for use by DoD development teams as a containerized software application that has cleared the government’s cybersecurity requirements.
The ability to develop, procure, deploy, and continuously improve software is central to national defense. SD Elements automatically identifies and translates software security requirements into easy-to-follow tasks for developers and tracks their completion. Using SD Elements, developers creating applications for the U.S. federal government can streamline development processes, and ultimately release applications quickly in a secure, efficient, and agile manner.
“Federal agencies, departments, and contractors with applications that process or store federal data must comply with federal security standards to obtain ATO, which is often a long and challenging process. Within Platform One, the use of SD Elements helps reduce the process of meeting ATO requirements down to days or weeks, not months or years,” said Ehsan Foroughi, Vice President, Products, of Security Compass. “SD Elements enables DevSecOps teams within the DoD and other federal agencies to ‘go fast’ while ensuring application security. We are proud of this advancement which allows us to serve a larger Fed/DoD DevSecOps marketspace.”
Security Compass has invested significant resources to ensure the new containerized version of SD Elements meets the highest DoD application security standards. The containerized SD Elements application provides the following benefits:
- Helps eliminate security vulnerabilities before scanning begins by automatically identifying risks and potential weaknesses, mapping them to the federal government and DoD security requirements, and assigning a risk rating.
- Scales secure development practices through Just-in-Time Training (JITT).
- Integrates with popular development team tools such as Jira and other widely used issue trackers so that developers do not have to access a separate system.
- Enables validation of secure coding standards and controls through integration with popular static and dynamic application security testing (SAST/DAST) solutions.
- Provides detailed reporting on a project coverage status, which helps enable alignment and compliance measurement against a defined Risk Policy.
“Rapid software development is an important goal of the U.S. military, but it should never come at the expense of security,” said Nicolas Chaillan, Chief Software Officer, U.S. Air Force and co-lead, DoD Enterprise DevSecOps Initiative. “SD Elements is a key component of the Platform One DevSecOps product stack supporting the DoD Enterprise DevSecOps Initiative. SD Elements acceptance into Iron Bank ensures fast-moving development teams can build security into their software applications from inception. This accelerates achievement of continuous ATO, which in turn supports faster deployment of more secure software at the speed and scale required to meet the federal government’s accelerating demands.”
Several federal government agencies, including the U.S. Air Force, the U.S. Navy, and the U.S. Securities and Exchange Commission, currently use the on-premise version of SD Elements. Developers creating software applications for federal government agencies can now download SD Elements directly into their development environment from Iron Bank, ensuring that these DevSecOps teams always have access to the latest accredited version of SD Elements.
For more information on how SD Elements supports continuous ATO, read more here.
The CyberWire Daily Briefing: V10 Issue 50
March 16, 2021