DevSecOps for US Agencies

Mar 22, 2020

Deep security controls

In many cases, the IT security controls of agencies are intransparant to the federal agents. Mostly buried deep within the technology stacks. This complicates evidence on security. Through a collaborative DevSecOps framework agencies should get better options to provide transparant proof of security controls.

Quite a challenge

Changing a mindset that has grown over several decades is very tough. Agencies have largely remained in a ‘waterfall’ mindset.  For many of them, DevOps is still in pilot phase for a handful of applications.