Menu



WSA 002 DEVSECOPS for the DoD: Security Focus





DAU Courses
AUD

iCatalog Home WSA 002 DEVSECOPS for the DoD: Security Focus
(Last Modified:08-Jul-2022)


apply apply
print


 
Description
This course brings together software engineers and cyber security professionals to provide students with an understanding of the capabilities required to secure software developed using a DevSecOps (DSO) methodology; and the cultural transition that must take place to successfully enable the continuous evaluation of security for DoD programs.

The greatest impediment to DoD’s transition to DSO is the use of a manual, checklist-based, security practices. New automated practices, continuous Authority to Operate (cATO), and continuous monitoring of software are needed to align our security and deployment practices with DoD’s strategy to deliver capability at the speed of relevance. While a cATO and automating Risk Management Framework (RMF) controls are critical to enabling DSO, that process alone is necessary but insufficient. Truly secure software development also involves additional practices such as secure software engineering, software assurance, and threat modeling.

In DCP, students will learn the importance of security in DSO, how the DoD DSO reference design supports built-in security across all layers, the importance of automation in development of security artifacts, and how these artifacts inform the cATO. Industry full-stack engineers and practitioners demonstrate the “Sec” in DevSecOps through hands-on DSO pipeline demonstrations. A final case study leverages classroom generated artifacts from the DAUx DevSecOps Continuous Integration/Continuous Delivery (CI/CD) pipeline, allowing students to walkthrough the development of a cATO package with the goal of providing developers and cyber practitioners with confidence that the software delivered is functional and secure.

For those interested in expanding their knowledge on DevSecOps, to include topics like Agile, Cloud and Cyber, DAU offers a range of learning assets. To explore these resources and deepen your understanding of modern software practices, CLICK HERE

Objectives
Download Course Objectives
Target Attendees
Software Engineers, Cybersecurity and Cyber Operation professionals of the Defense Acquisition Workforce or those who desire addition detailed knowledge on the security aspects of DevSecOps, including the Program Management staff.
Prerequisite(s)
Recommended Prerequisites: CLE 074, CLE 075, CLE 076, and WSA 001.
Predecessor Course(s)
Predecessor Predecessor Course Title PDS Code Expires On
None None None None
Course Length
3 day in-person classroom
Additional Course Information
Delivery Mode Workshop
Equivalent Courses N/A
Availability All
PDS Code N/A
Walk-ins Authorized No
Pre-work required No
First Offering 6/15/2020
ACE Recommended Credits N/A
Continuing Education Units   0
Continuous Learning Points  14
Reservist Retirement Points  0
Historical Allocations Mouse Over for Past CEU/CLPs
Fulfillment Eligible N/A
Technical Requirements Click Here
Notes
    To inquire about or request this workshop for your organization, please click here