UNCLASSIFIED / APPROVED FOR PUBLIC RELEASE
Platform One: DoD Enterprise DevSecOps Services
Mr. Thomas Petrillo
Chief Information Officer / G6
PEO Simulation, Training and Instrumentation
3 June 2020
Repo One: DoD Centralized Container Source Code Repository (DCCSCR)
• Central repository for the source code to create hardened and evaluated containers
• Includes source code for various open-source products and the infrastructure as code used to harden Kubernetes distributions
• https://repo1.dsop.io/dsop/
Iron Bank: DoD Centralized Artifacts Repository (DCAR)
• DoD repository of digitally signed, binary container images
• Hardened IAW the Container Hardening Guide coming from Iron Bank
• DoD-wide reciprocity across classifications
• https://ironbank.dsop.io/
DevSecOps Platform (DSOP)
• Collection of:
− approved, hardened Cloud Native Computing Foundation (CNCF)-compliant Kubernetes distributions
− infrastructure as code playbooks
− hardened containers that implement a DevSecOps platform compliant with the DoD Enterprise DevSecOps Reference Design
• Source code is hosted on Repo One
• CNCF-compliant Kubernetes distributions currently supported:
− OpenShift 4.x
− Kubernetes upstream
− VMware PKS Essential
− Rancher Federal RKE
• Includes mandated containers of the Reference Design
− Elasticsearch, Fluentd, and Kibana (EFK)
− Sidecar Container Security Stack (SCSS)
Platform One Enterprise Services
• Party Bus: Platform One Shared Enterprise Environments (Multi-Tenant) (for
Development, Test and Production)
• Big Bang: Platform One Dedicated DevSecOps Environments
• Custom Development Services
• Cloud Native Access Point (CNAP)
• Continuous Integration / Continuous Delivery (CI/CD) with Infrastructure as
Code (IaC)
• DevSecOps Managed Tools
• Cybersecurity/Pen-testing Services
• Training/On-Boarding Options
− DAU, 1-day Intro to DevSecOps, 3-day Workshop, 6-week full on-boarding, 2-month full on-boarding and customized training option
DevSecOps Basic Ordering Agreements (BOAs) – Contract Vehicles
• Acquisition and bulk purchasing of DevSecOps tools, services and talent
• DoD Contracting Officers and Acquisition workforce can receive training to
leverage the DevSecOps BOAs
DevSecOps Playbook
Overview Skills required Types of Work
• Help in Day-to-Day Job
• Red Team
• Blue Team
• Security Engineering
• Operations
• Secure Development
• Security Science
• Security Testing
• Continuous response
• Compliance Operations
• Consulting
• Code Development
• Threat analysis
• Penetration Testing
• Event Detection & Correlation
• Big Data Analytics
[Figure: DoD Enterprise DevSecOps Technology Stack (Exemplar). Labels: Plan & Develop; Build; Test; Secure; Deploy & Operate; Monitor; Scale; Store Artifacts; "Continuous Integration & Continuous Delivery" Orchestration; Container and Container Management]