Maximizing Cybersecurity Efficiency for the US Navy with DevSecOps

Varada provided cybersecurity services for the Distributed Common Ground System-Navy (DCGS-N) program, successfully improving the development cycle by implementing a DevSecOps pipeline that automated the deployment, testing, and reporting of vulnerabilities while ensuring compliance with regulations.

About the Client

The Naval Information Warfare Center Pacific (NIWC PAC) is a leading provider of cutting-edge technology and research services to the U.S. Navy. At the forefront of their efforts is the Distributed Common Ground System-Navy (DCGS-N), a critical system that underpins the Navy's information warfare capabilities. The DCGS-N delivers advanced intelligence, surveillance, and reconnaissance functions, supporting vital military operations and decision-making processes. However, securing both production and development products posed a challenge for NIWC PAC, as they sought a solution to ensure their web-based applications were RMF-compliant and authorized with an Authority to Operate (ATO). The quest for a comprehensive solution to meet these stringent security requirements was a top priority for the NIWC PAC team.

Solution and Outcomes

Varada Consulting implemented a DevSecOps pipeline to improve the development cycle and integrate security fixes in real time. The pipeline made use of tools such as Jenkins, Docker, OpenShift, XRAY, Coverity, ACAS, Nessus, McAfee, and many others to automate the process of deploying and testing applications, followed by a vulnerability check and status report. The DevSecOps pipeline dramatically improved the development time and incident response processes, as applications could be rapidly patched and moved into production to address outstanding risks, minimizing the mean time to recovery when system interruption was necessary.

Tools and Compliance

Varada's DevSecOps pipeline validated the firm's cybersecurity expertise, showing comprehensive coverage of all facets of cybersecurity, not just scanning and reporting. The pipeline was compliant with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) checks, as well as static code scanning, dynamic code scanning, and active application scanning. The DevSecOps pipeline also enabled real-time status updates, allowing developers and cybersecurity engineers to pull reports at any time, eliminating the manual work previously needed to obtain them.

Related Case Studies

Implementing Innovative Health IT Solutions for the VA EHRM Project

Varada Consulting provided Health IT services for the VA EHRM-IO Infrastructure Readiness PMO, including budgeting, acquisition, logistics, deployment and training, while ensuring compliance and information security and executing full life cycle program management and procurement support.

Securing High-Value Medical Assets for the Department of Veterans Affairs

Varada provided cybersecurity services to the Department of Veterans Affairs (VA) within the Joint Cyber Operation Integration Center (JCOIC). The project included securing and protecting High Value Medical Assets (HVMA) and performing Enterprise Risk Assessments (ERA) to minimize risks associated with vulnerabilities and support the VA Electronic Health Records Modernization (EHRM).
