DevSecOps
DevSecOps is a set of software development practices that combines software development (Dev), security (Sec), and information technology operations (Ops) to secure the outcome and shorten the development lifecycle.
The DOCS Mission is to develop a Continuous Monitoring (CM) approach for all Department of Defense (DoD) mission partners that monitors and provides compliance enforcement of containerized applications which cover all the DevSecOps pillars (Develop, Build, Test, Release & Deploy, and Runtime) for a secure posture with the focus being on automation and integration going forward.
CaC now accessible to download below
Title | Size | Updated | |
---|---|---|---|
NGINX CINC Profile for Anchore
|
169.99 KB |
25 Jun 2024
|
|
MongoDB CINC Profile for Anchore
|
100.93 KB |
25 Jun 2024
|
|
JRE 7 CINC Profile for Anchore
|
12.45 KB |
25 Jun 2024
|
|
JBoss CINC Profile for Anchore
|
118.54 KB |
25 Jun 2024
|
|
Crunchy Postgres CINC Profile for Anchore
|
260.28 KB |
25 Jun 2024
|
|
Apache Tomcat CINC Profile for Anchore
|
145.1 KB |
25 Jun 2024
|
|
Apache Site CINC Profile for Anchore
|
171.69 KB |
25 Jun 2024
|
|
Apache Server CINC Profile for Anchore
|
271.06 KB |
25 Jun 2024
|
|
Ubuntu 20 CINC Profile for Anchore
|
346.1 KB |
11 Jun 2024
|
|
RHEL 8 CINC Profile for Anchore
|
293.37 KB |
11 Jun 2024
|
|
Postgres 9 CINC Profile for Anchore
|
240.29 KB |
11 Jun 2024
|
|
unclass-docs_what_is_a_container
|
5.16 MB |
11 Sep 2023
|
|
DevSecOps Enterprise Container Hardening Guide 1.2
|
967.81 KB |
19 Sep 2022
|
|
Depart of Defense (DoD) Cloud Native Access Point (CNAP) Reference Design (RD) - V1 R1
The purpose of the CNAP RD is to describe and define the set of capabilities, fundamental components, data flows, logical design pattern, and derived reference implementations for deploying, connecting to, and operating a CNAP. The RD guides the development of next generation cybersecurity capabilities to enable connectivity from the internet into DoD resources and services hosted in commercial cloud environments.
|
1.57 MB |
24 Aug 2021
|
|
DevSecOps Enterprise Strategy
|
979.3 KB |
04 Aug 2021
|
|
DoD Enterprise DevSecOps Reference Design: CNCF Kubernetes
|
3 MB |
23 Jun 2021
|
|
DevSecOps Fundamentals Playbook - Ver 2, Rel 1
DevSecOps is a software engineering culture that guides a team to break down silos and unify software development, deployment, security and operations. Critical to the success of DevSecOps adoption is buy-in from all stakeholders, including: leadership, acquisition, contracting, middle-management, engineering, security, operations, development, and testing teams. Stakeholders across the organization must change their way of thinking from “I” to “we”, while breaking team silos, and understanding that the failure to successfully deliver, maintain, and continuously engineer software and its underlying infrastructure is the failure of the entire organization, not one specific team or individual.
|
866.65 KB |
18 Jun 2021
|
|
DevSecOps Fundamentals Guidebook: DevSecOps Tools & Activities - ver 2, rel 1
The goal of DevSecOps is to improve customer outcomes and mission value through the automation, monitoring, and application of security at every phase of the software lifecycle. Practicing DevSecOps requires an array of purpose-built tools and a wide range of activities that rely on those tools. This document conveys the relationship between each DevSecOps phase, a taxonomy of supporting tools for a given phase, and the set of activities that occur at each phase cross-referenced to the tool(s) that support the specific activity.
|
1009.07 KB |
16 Jun 2021
|
|
DoD Enterprise DevSecOps Fundamentals
This document is intended as an educational compendium of universal concepts related to DevSecOps, including normalized definitions of DevSecOps concepts.
|
2.78 MB |
11 Jun 2021
|
|
DoD Enterprise DevSecOps Strategy Guide
The DevSecOps Strategy Guide provides an executive summary of DevSecOps as a whole by establishing a set of strategic guiding principles that every approved DoD enterprise-wide DevSecOps reference design must support. This document is generally consumed by PEOs and anyone in non-technical leadership positions.
|
1.86 MB |
11 Jun 2021
|
|
Container Image Creation and Deployment Guide Version 2, Release 0.6
The Container Image and Deployment Guide will provide the technical requirements for container image creation and deployment within a container platform.
|
880 KB |
17 Nov 2020
|
|
DoD Enterprise DevSecOps Reference Design v1.0
The main purpose of this document is to provide a logical description of the key design components and processes to provide a repeatable reference design that can be used to instantiate a DoD DevSecOps software factory.
|
— |
09 Nov 2020
|
|
Sunset - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1
|
489.84 KB |
22 Jun 2020
|
For questions or comments regarding DevSecOps content or documents, please contact the DISA SD DevSecOps Helpdesk: [email protected]
You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
· The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
· At any time, the USG may inspect and seize data stored on this IS.
· Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.
· This IS includes security measures (e.g., authentication and access controls) to protect USG interests – not for your personal benefit or privacy.
Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.