Presented at the SECRET level. Separate registration required. Click here to register.
Approved for 1 GIAC CPE
The next evolution of secure agile capability delivery follows from disruptive changes being realized in Industry. JIDA has designed and has an IOC implementation of a Secure DevOps SDLC in order to continue to reduce capability deployment time to meet it quick reaction capability (QRC) support to deployed warfighters. This delivery pipeline increases speed drastically, but more importantly protects JIDA's information security by ensuring compliance with all DoD security requirements for software delivery on mission-critical systems. By focusing on continuous monitoring and validation of processes versus enforcing multiple approval gates, technical and policy implementation of DevOps enables JIDA's new Mission IT features to go from backlog to production delivery in near real-time. JIDA DevOps design is composed of a fully automated code delivery pipeline equipped with software configuration management, unit and end to end testing, static code analysis, security control compliance scans, vulnerability scans, and penetration testing while offering full transparency and continuous monitoring to achieve true "Continuous Authorization" of the Catapult commoditized big data platform and Attack the Network suite of tools.
The JIDA story is evidence that when the organizational barriers of policy and bureaucracy are eliminated in favor of high trust, high collaboration, and secure agile best practices - spanning across all of the domains of mission/functional, development, and operations & maintenance - the goals of all of these disciplines are served. Tools and capabilities are delivered faster, more securely, operate more reliably, and answer real user's needs for far less cost. In the constrained environment Federal community faces, organizations will have to follow both JIDA's example and motto, "Apto Aut Morior" - Adapt or Die.