WSA 002 DevSecOps for the Department of Defense (DoD)
(Last Modified:29-Dec-2020)

Description
This course brings together software engineers and cyber security professionals to provide students with an understanding of the capabilities required to secure software developed using a DevSecOps (DSO) methodology; and the cultural transition that must take place to successfully enable the continuous evaluation of security for DoD programs.

The greatest impediment to DoD’s transition to DSO is the use of manual, checklist-based security practices. New automated practices, continuous Authority to Operate (cATO), and continuous monitoring of software are needed to align our security and deployment practices with DoD’s strategy to deliver capability at the speed of relevance. While a cATO and automating Risk Management Framework (RMF) controls are critical to enabling DSO, that process alone is necessary but insufficient. Truly secure software development also involves additional practices such as secure software engineering, software assurance, and threat modeling.

In DCP, students will learn the importance of security in DSO, how the DoD DSO reference design supports built-in security across all layers, the importance of automation in the development of security artifacts, and how these artifacts inform the cATO. Industry full-stack engineers and practitioners demonstrate the “Sec” in DevSecOps through hands-on DSO pipeline demonstrations. A final case study leverages classroom-generated artifacts from the DAUx DevSecOps Continuous Integration/Continuous Delivery (CI/CD) pipeline, allowing students to walk through the development of a cATO package with the goal of providing developers and cyber practitioners with confidence that the software delivered is functional and secure.

The critical performance behaviors that participants bring back to the workplace include:
- Begin leading changes needed to initiate modern software practices towards establishing a cATO process.
- Conversant in tech literacy and the key aspects of cATO.
Objectives
The objectives of this workshop include:
- Explain why cyber is important to DevSecOps
- Describe Continuous Authority To Operate (cATO)
- Identify secure software development practices (e.g., threat modeling, security requirements)
- Recognize security metrics and telemetry
- Recognize how automation enhances security in DevSecOps (e.g., SAST, DAST, container scanning)
- Execute the build-out of a cATO package as a DoD software engineering and security team
Target Attendees
Software Engineers, Cybersecurity and Cyber Operation professionals of the Defense Acquisition Workforce or those who desire additional detailed knowledge on the security aspects of DevSecOps, including the Program Management staff.
Prerequisite(s)
Recommended Prerequisites: CLE 074, CLE 075, CLE 076, and WSA 001.
Predecessor Course(s) (Acceptable as a substitute for this course until the acceptance date specified below.)
Predecessor | Predecessor Course Title | PDS Code | Accepted Until
None | None | None | None
Course Length
3-day in-person classroom
Additional Course Information
Delivery Mode: Workshop
Equivalent Courses:
ACE Recommended Credits:
PDS Code:
DAU Public (material/prework): N/A
Continuing Education Units: 0
Continuous Learning Points: 14
Reservist Retirement Points:
Notes
  • Tailored, virtual instruction delivered upon request.
  • Fee-For-Service (FFS) arrangements may be required.