WSA 002

DAU Courses

WSA 002 DEVSECOPS for the DoD: Security Focus
(Last Modified:10-Aug-2020)


This course brings together software engineers and cyber security professionals to provide students with an understanding of the capabilities required to secure software developed using a DevSecOps (DSO) methodology, and of the cultural transition that must take place to successfully enable the continuous evaluation of security for DoD programs.

The greatest impediment to DoD’s transition to DSO is the use of manual, checklist-based security practices. New automated practices, continuous Authority to Operate (cATO), and continuous monitoring of software are needed to align our security and deployment practices with DoD’s strategy to deliver capability at the speed of relevance. While a cATO and automating Risk Management Framework (RMF) controls are critical to enabling DSO, that process alone is necessary but insufficient. Truly secure software development also involves additional practices such as secure software engineering, software assurance, and threat modeling.

In DCP, students will learn the importance of security in DSO, how the DoD DSO reference design supports built-in security across all layers, the importance of automation in the development of security artifacts, and how these artifacts inform the cATO. Industry full-stack engineers and practitioners demonstrate the “Sec” in DevSecOps through hands-on DSO pipeline demonstrations. A final case study leverages classroom-generated artifacts from the DAUx DevSecOps Continuous Integration/Continuous Delivery (CI/CD) pipeline, allowing students to walk through the development of a cATO package with the goal of providing developers and cyber practitioners with confidence that the software delivered is functional and secure.

The critical performance behaviors that participants bring back to the workplace include:
  • Begin leading changes needed to initiate modern software practices towards establishing a cATO process.
  • Conversant in tech literacy and the key aspects of cATO.
Objectives

The objectives of this workshop include:
  • Explain why cyber is important to DevSecOps
  • Describe Continuous Authority To Operate (cATO)
  • Identify secure software development practices (e.g. threat modeling, security requirements)
  • Recognize security metrics and telemetry
  • Recognize how automation enhances security in DevSecOps (e.g., SAST, DAST, container scanning)
  • Execute the build-out of a cATO package as a DoD software engineering and security team
Target Attendees

    Software Engineers, Cybersecurity and Cyber Operation professionals of the Defense Acquisition Workforce or those who desire additional detailed knowledge on the security aspects of DevSecOps, including the Program Management staff.
    Recommended Prerequisites: CLE033, CLE074, CLE075, CLE076, and WSA001.
    Predecessor Course(s) (Acceptable as a substitute for this course until the acceptance date specified below.)
    Predecessor | Predecessor Course Title | PDS Code | Accepted Until
    None | None | None | None
    Course Length
    1 day in-person classroom; 2 days virtual classroom
    Additional Course Information
    Delivery Mode: Workshop
    Equivalent Courses:
    ACE Recommended Credits:
    PDS Code:
    DAU Public (material/prework): N/A
    Continuing Education Units: 0
    Continuous Learning Points: 14
    Reservist Retirement Points:
  • Tailored, virtual instruction delivered upon request.
  • Fee-For-Service (FFS) arrangements may be required.