Opportunity Details
Tracking Number

Not Provided

Organization

Joint Federated Assurance Center (JFAC)/Defense Information Systems Agency (DISA)

Start Date

Sep 9, 2022  ET

End Date

Sep 15, 2022  ET

Current Status

Closed

Registration

Open

No Attachments

Compliance as Code / Continuous Compliance Monitoring / Federated Assurance
Opportunity Summary
Description
Submit NLT 23:59 ET, 15 September 2022
The Department of Defense (DoD) is looking to improve the speed, quality, efficiency, and security of software development with a DevSecOps environment supporting the DoD's federated community. The effort has three core lines of effort: compliance as code, continuous compliance monitoring, and federated assurance. Together they are to culminate in prototypes and demonstrations that show how federated DevSecOps across the DoD could work.
Opportunity Details

The US Department of Defense is looking for a way to improve its assurance processes in order to better understand the trustworthiness of its systems. They want a system that can:


- Maximize the discovery of vulnerabilities in containerized applications at runtime, and

- Report vulnerabilities through a federated approach for consumption by current legacy cybersecurity management systems.


Currently, the Department of Defense lacks an efficient method for monitoring containerized applications that can provide near real-time checks based on security technical implementation guides (STIGs). This lack of assurance can lead to vulnerabilities being exploited by adversaries, which could jeopardize national security. The Department of Defense needs a system that can address these concerns in order to protect the country.


Project Objectives:


  • To improve software development speed, quality, and efficiency.
  • To improve security by prototyping and demonstrating a continuous compliance monitoring tool.
  • To improve the quality and efficiency of assurance across the DoD by prototyping and demonstrating a federated assurance system.


Milestones:


The prototype tool will encompass and integrate the three core needs:

  • A prototype of the DevSecOps environment,
  • A prototype of a continuous compliance monitoring tool,
  • A prototype of a federated assurance system.

Use Case Scenario
Compliance as Code:
  • The DISA-JFAC partnership is working to improve software development speed, quality, and efficiency by prototyping and demonstrating automated content based upon security technical implementation guides (STIGs) for use in DevSecOps and containerized environments.
Continuous Compliance Monitoring:
  • The partnership is also working to improve security by prototyping and demonstrating a continuous compliance monitoring tool that can detect and respond to deviations from security technical implementation guides (STIGs) and DoD standards.
Federated Assurance:
  • Finally, the partnership is working to improve the quality and efficiency of assurance across the DoD by prototyping and demonstrating a federated assurance system that allows different stakeholders to share assurance data and processes through the development and use of application programming interfaces (APIs).
Future State Solution
The partnership between DISA and JFAC is working to improve software development speed, quality, and efficiency by prototyping a compliance monitoring tool that supports near real-time scanning of containerized applications based on security technical implementation guides (STIGs). This tool will allow the DoD to more easily discover container vulnerabilities and misconfigurations and, through the use of application programming interfaces (APIs), provide the data to government cybersecurity management systems.
Keywords
Software Development, Prototyping, DevSecOps, Federated Assurance System
Reference URL
Not Provided
Point of Contact

Name

Anna Nichols

Email

annaelizabeth.d.nichols.civ@mail.mil

Title

Procurement Analyst

Phone

Not Provided