About the Client
The Naval Information Warfare Center Pacific (NIWC PAC) is a leading provider of cutting-edge technology and research services to the U.S. Navy. At the forefront of their efforts is the Distributed Common Ground System-Navy (DCGS-N), a critical system that underpins the Navy's information warfare capabilities. The DCGS-N delivers advanced intelligence, surveillance, and reconnaissance functions, supporting vital military operations and decision-making processes. However, securing both production and development products posed a challenge for NIWC PAC, as they sought a solution to ensure their web-based applications were RMF-compliant and authorized with an Authority to Operate (ATO). The quest for a comprehensive solution to meet these stringent security requirements was a top priority for the NIWC PAC team.
Solution and Outcomes
Varada Consulting implemented a DevSecOps pipeline to improve the development cycle and integrate security fixes in real time. The pipeline used tools such as Jenkins, Docker, OpenShift, XRAY, Coverity, ACAS, Nessus, McAfee, and many others to automate the deployment and testing of applications ahead of a vulnerability check and status report. The DevSecOps pipeline dramatically improved development time and incident response processes: applications could be rapidly patched and moved into production to address outstanding risks, minimizing the mean time to recovery when system interruption was necessary.
Tools and Compliance
Varada's DevSecOps pipeline validated the firm's cyber security expertise, showing comprehensive coverage of all facets of cyber security, not just scanning and reporting. The pipeline was compliant with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) checks and covered static code scanning, dynamic code scanning, and active application scanning. The DevSecOps pipeline also enabled real-time status updates, allowing developers and cyber security engineers to pull reports at any time and eliminating the manual work previously needed to obtain them.