The Agriculture Department is creating a software factory where security is built in on the front end.
The Energy Department is testing out a rapid authority to operate, or ATO, process to focus on risk management.
Both of these efforts are based on the successes of the Defense Department.
Venice Goodwine, the chief information security officer for the Agriculture Department, said the software factory uses the DevSecOps process and provides a platform that already meets the agency’s security rigor. She said USDA’s software factory is similar to what the Air Force is doing with Platform One.
“What we’re doing is we have 29 different agencies and they all have developers. So of course, they’re developing in their own way. So imagine that as a CISO having to issue an authority to operate for all of those applications. It is more prudent and easier if I could just certify the process, meaning that if I certify the end-to-end process, what comes out of the process then becomes certified, so I don’t…
