Security in Platform Oneπ
Core Tenetsπ
- Secure the DoD
- Cybersecurity first approach to software development for mission owner applications and weapon systems.
- Security is built into Kubernetes containers and further secured with a sidecar security stack configuration that adheres to DoD Enterprise DevSecOps Reference Design for our environments.
- Automation
- Avoid manual processes by automating whenever possible.
- Standards/Continuous Monitoring
- The pipelines enforce continuous monitoring by not allowing the application to deploy if the quality/compliance gates fail.
- The CtF process enforces CI/CD by ensuring vulnerabilities are progressively mitigated prior to deployment.
- Multi-Party Validation
- Paired programming and extreme programming are embraced, allowing the organization to continually produce quality code that can adapt to change rapidly.
- All major changes must undergo a complete Certificate to Field (CtF) review including code review, pipelines, and security testing.
For more detailed information see DoD Enterprise DevSecOps Fundamentals
PlatformOne - Security Offeringsπ
- IronBank Registry
- IB registry for hardened container images (registry1.dso.mil)
- IronBank VAT
- Vulnerability Assessment Tracker (vat.dso.mil)
- GUI with APIs access to evidence to speed up accreditation of images
-
Weekly IronBank Onboarding, AMA (Ask Me Anything), and get unblocked sessions
Note
Only vendors can harden vendor images
-
CNAP
- Cloud Native Access Point (Advanced perimeter firewall, that enables secure access to IL2, IL4, and IL5 Resources from the public internet, P1 SSO managed by CNAP team)
- Various other services
- Onboarding, pen testing, and more.
Automating Securityπ
- IronBank rebuilds & rescans their images every 12 hours. This ensures fixes to the upstream base image can be added.
-
Big Bangs releases cycle every 2 weeks, makes it easy to pull in the latest version of images.
- In
~/Desktop/bootstrap/dev/kustomization.yaml
there’s a reference to the version of the Big Bang helm Chart. When you update that it cases a cascading effect that updates the versions of all images maintained by Big Bang.
- In
ATO vs cATOπ
ATOπ
- Based on RMF (Risk Management Framework) and Security Controls and their implementation for an iteration
- Places focus on the system
- Works better with the traditional Waterfall/Spiral SDLC (Software Development Life Cycle)
- Changes to the system might warrant a re-evaluation of the ATO cycle
- Traditionally ATO is issued to the system as whole
- Does not lend to easier Reciprocity across platforms
cATOπ
- Also based on RMF and Security Controls but focused on the development process that spans multiple iterations rather than the system itself
- Better fit for the modern agile methodologies
- Allows teams to develop and deploy continuously without having to re-evaluate ATO for each change
- Swapping out the layers (Infra and Platform) with equivalent ATOs arguably helps preserves cATO and CtF (Certificate To Field) of the Application which lends to Easier Reciprocity across platforms
Continuous Authorizationπ
PlatformOne Security Objectivesπ
Security is core to P1βs Mission
βServe cyber mission application teams in their journey to deliver rapid mission capability with technical expertise and servicesβ
- Provide secure, resilient and robust development environment
- Facilitate CtF - Certificate To Field
- Secure development - focus on high quality code practices, automation, monitoring and compliance
- Secure deployment - rely on the ATO of the infrastructure and platform layers
Processπ
1.0 Authorize the Platformπ
2.0 Authorize the Platformπ
3.0 Authorize the Processπ
Continuous Monitoringπ
P1 and cATOπ
Big Bang clusters are capable of receiving a cATO.
IronBank, PartyBus, and other P1 services are hosted on top of Big Bang Clusters. P1’s AO was able to sign off on P1 services receiving a cATO, because of people, processes, and technology. In addition to the Big Bang Platform Technology, trained, approved, and vetted people are developing and maintaining the services and are following processes that have been approved by the AO.
EX: PartyBus has a process called CTF (Certificate to Field) through which images are approved to run in production on their cATO’d environment.
Quiz Questionsπ
What is missing from this list of the Core Tenets for security in Platform One? Secure the DoD
, Automation
, Multi-Party Validation
Standards/Continuous Monitoring
What does CNAP stand for?
Cloud Native Access Point
How often does IronBank rebuild & rescan their images?
IronBank rebuilds & rescans their images every 12 hours. This ensures fixes to the upstream base image can be added.
What is the difference between ATO and cATO?
ATO
-
Places focus on the system
-
Works better with the traditional Waterfall/Spiral SDLC
-
Changes to the system might warrant a re-evaluation of the ATO cycle
-
Traditionally ATO is issued to the system as whole
-
Does not lend to easier Reciprocity across platforms
cATO
-
Better fit for the modern agile methodologies
-
Allows teams to develop and deploy continuously without having to re-evaluate ATO for each change
What is ChatOps?
ChatOps is project collaboration for real-time interactive coordination among team members