
when devops meets regulation: integrating 'continuous' with - PowerPoint PPT Presentation



  1. when devops meets regulation: integrating 'continuous' with 'government' @jezhumble public domain slides courtesy @noahkunin, infrastructure director, 18F / GSA TTS

  2. what is continuous delivery? The ability to get changes—features, configuration changes, bug fixes, experiments—into production or into the hands of users safely and quickly in a sustainable way.

  3. devops movement a cross-functional community of practice dedicated to the study of building, evolving and operating rapidly changing, secure, resilient systems at scale

  4. Let’s ship it!

  5. Or not.

  6. Shipping software isn’t rocket science

  7. Is the launch checklist working?

  8. The U.S. Government's Digital Launch Checklist

  9. Records Management; Records Schedule; Privacy Act; Paperwork Reduction Act; Section 508 and Accessibility Standards; Federal Acquisition Regulation; Anti-deficiency Act; Economy Act; E-Government Act; Computer Matching Act; National Cyber Protection System; Guidance for Agency Use of Third-Party Websites and Applications; Social Media and Web-Based Interactive Technologies; Office of Management Budget Circular A-130 Appendix 3; Federal Information Security and Management Act; Federal Information Processing Standard (FIPS) 199; Federal Information Processing Standard (FIPS) 200; Federal Information Processing Standard (FIPS) 140-2; Special Publication 800-37; Special Publication 800-53 Revision 4; Special Publication 800-60 Volume 1; Special Publication 800-60 Volume 2

  10. Special Publication 800-18; Special Publication 800-137; Special Publication 800-171; Special Publication 800-133; Special Publication 800-95; EINSTEIN Compliance; FedRAMP; OMB Guidance on third party websites and applications; OMB Memo M-14-04; OMB Memo M-15-01; Trusted Internet Connection 2.0 Reference Architecture. Pages in total: 4006

  11. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  12. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  13. My friend, you can clearly see the intention of FIPS 140-2 Annex A was to deprecate SHA-1 on the lunar new year...

  14. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  15. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  16. http://dx.doi.org/10.6028/NIST.SP.800-53r4

  17. How long is this going to take?

  18. 6 - 14 months to ship

  19. Speed is the new security.

  20. Dev Ops

  21. Dev Ops PaaS IaaS

  22. what this gets you: teams can deploy into a production-like environment from day 1; architectural paradigm designed for distributed systems; push-button deployments; most of the controls taken care of at the platform level; templates for all your compliance documentation
