DevSecOps for US Agencies
Deep security controls
In many cases, the IT security controls of agencies are intransparant to the federal agents. Mostly buried deep within the technology stacks. This complicates evidence on security. Through a collaborative DevSecOps framework agencies should get better options to provide transparant proof of security controls.
Quite a challenge
Changing a mindset that has grown over several decades is very tough. Agencies have largely remained in a ‘waterfall’ mindset. For many of them, DevOps is still in pilot phase for a handful of applications.