
Maximizing Cybersecurity Efficiency for the US Navy with DevSecOps

Varada provided cybersecurity services for the Distributed Common Ground System-Navy (DCGS-N) program, successfully improving the development cycle by implementing a DevSecOps pipeline that automated the deployment, testing, and reporting of vulnerabilities while ensuring compliance with regulations.

About the Client

The Naval Information Warfare Center Pacific (NIWC PAC) is a leading provider of cutting-edge technology and research services to the U.S. Navy. At the forefront of their efforts is the Distributed Common Ground System-Navy (DCGS-N), a critical system that underpins the Navy's information warfare capabilities. The DCGS-N delivers advanced intelligence, surveillance, and reconnaissance functions, supporting vital military operations and decision-making processes. However, securing both production and development products posed a challenge for NIWC PAC, as they sought a solution to ensure their web-based applications were RMF-compliant and authorized with an Authority to Operate (ATO). The quest for a comprehensive solution to meet these stringent security requirements was a top priority for the NIWC PAC team.

Solution and Outcomes

Varada Consulting implemented a DevSecOps pipeline to improve the development cycle and integrate security fixes in real time. The pipeline made use of tools such as Jenkins, Docker, OpenShift, XRAY, Coverity, ACAS, Nessus, McAfee, and many others to automate the process of deploying and testing applications before a vulnerability check and status report. The DevSecOps pipeline dramatically improved the development time and incident response processes, as applications could be rapidly patched and moved into production to address outstanding risks, minimizing the mean time to recovery when system interruption was necessary.

Tools and Compliance

Varada's DevSecOps pipeline validated the firm's cyber security expertise, showing comprehensive coverage of all facets of cyber security, not just scanning and reporting. The pipeline was compliant with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) checks, as well as static code scanning, dynamic code scanning, and active application scanning. The DevSecOps pipeline also enabled real-time status updates, allowing developers and cyber security engineers to pull reports at any time, eliminating the need for manual work previously necessary for acquiring them.

Related Case Studies


Securing High-Value Medical Assets for the Department of Veterans Affairs

Varada provided cybersecurity services to the Department of Veterans Affairs (VA) within the Joint Cyber Operation Integration Center (JCOIC). The project included securing and protecting High Value Medical Assets (HVMA) and performing Enterprise Risk Assessments (ERA) to minimize risks associated with vulnerabilities and support the VA Electronic Health Records Modernization (EHRM).


Streamlining IT Operations for the US Army with a Virtual Private Cloud

Varada Consulting successfully implemented a Virtual Private Cloud (VPC) for the US Army’s Technology Applications Office (TAO), meeting the requirements of the TAO Big Data Platform and other IT initiatives.
