CAT FAQ & Abbreviations
Name | Description |
---|---|
Path to Certificate to Field (CtF) Cybersecurity Assessment | The Platform One (P1) Cybersecurity CtF process provides Party Bus (PB) customers with a CtF authorization, leveraging the P1 Continuous Authority to Operate (c-ATO), that allows them to deploy applications at Impact Levels (ILs) 2, 4, 5 and 6 for Department of Defense (DoD) customers, IAW all NIST 800-53 controls and the Cloud Computing Security Compliance Guide. |
Services
Name | Description |
---|---|
DevSecOps pipeline security | The Cyber Applications Team (CAT) provides DevSecOps services to the Party Bus pipeline by implementing OWASP ZAP and Twistlock scans and testing. |
Software security requirement compliance | |
Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) | Through the use of SonarQube and Fortify, the CAT is able to work with the teams and Mission Apps DevSecOps (MDO) to research security hotspots and reinforce secure coding best practices. |
Customer engagement | The CAT engages daily with both current and potential PB customers to shape and deconflict requirements and to resolve blockers during the CtF process. |
Trouble ticket triaging | All cyber security tickets are triaged by the CAT. |
Customer advocacy | The CAT also advocates for the product teams with Platform enablers (i.e., MDO, Cyber VS, ISSM, ISSO, and PB CS) to find solutions that benefit the product teams while assuring compliance with Platform One ATOs. |
Cybersecurity Onboarding | The CAT performs initial Cybersecurity on-boarding meetings with all product teams entering the CtF process. |
Cybersecurity Mentorship | The CAT works with teams to improve their apps' cybersecurity posture throughout the CtF process. |
Body of Evidence (BOE) generation | As part of the CtF process the CAT builds the Body of Evidence for each app IAW the P1 c-ATO. |
Continuous monitoring | Through the use of SD Elements, the CAT performs continuous monitoring for all apps in the PB pipeline, ensuring NIST 800-53 compliance throughout the CtF lifecycle. |
Penetration Testing | The CAT performs penetration testing on apps in staging to reinforce the pipeline-integrated security tools. |
Enabling secure coding best practice | The CAT reinforces secure coding best practices by working with developers to bridge the gap between well-written code and securely written code. |