# Security in Platform One

## Core Tenets

- Secure the DoD
  - Security-first approach, but with mindfulness of timelines
- Automation
  - Avoid manual processes by automating them
- Standards/Continuous Monitoring
  - Observability layers can continuously monitor compliance over time.
- Multi-Party Validation
  - Have multiple sets of eyes checking the products coming through the pipeline. P1 promotes pair programming to help with this.
## PlatformOne - Security Offerings

- IronBank Registry
  - IB registry for hardened container images (registry1.dso.mil)
- IronBank VAT
  - Vulnerability Assessment Tracker (vat.dso.mil)
  - GUI with API access to evidence, to speed up accreditation of images
  - Weekly IronBank onboarding, AMA, and "get unblocked" sessions
  - https://p1.dso.mil/#/products/iron-bank/
  - Note: only vendors can harden vendor images
- CNAP
  - Cloud Native Access Point: an advanced perimeter firewall that enables secure access to IL2, IL4, and IL5 resources from the public internet; P1 SSO is managed by the CNAP team
- Various other services
  - Onboarding, pen testing, and more.
## Automating Security

- IronBank rebuilds and rescans its images every 12 hours. This ensures fixes to the upstream base image are picked up.
- BigBang's UHC pattern and two-week release cycle make it easy to pull in the latest version of images. In `~/Desktop/bootstrap/dev/kustomization.yaml` there is a reference to the version of the BigBang Helm chart. Updating it causes a cascading effect that updates the versions of all images maintained by BigBang.
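The two automation points above (hardened images come from the IronBank registry, and the chart version pin in kustomization.yaml drives which image versions are deployed) can be checked mechanically before a deploy. The following is an added example, not Platform One or BigBang code: it parses image references the way a container runtime does, flags images that do not come from registry1.dso.mil or that float on a mutable tag, and checks that the BigBang chart ref is a release tag. The sample image list and chart ref are constructed for the example.

```python
import re

# Iron Bank registry named on the page; images pulled from elsewhere are not hardened.
IRONBANK_REGISTRY = "registry1.dso.mil"

# Constructed sample values for this example; not taken from a real BigBang deployment.
SAMPLE_IMAGES = [
    "registry1.dso.mil/ironbank/opensource/nginx/nginx:1.25.3",
    "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3@sha256:" + "ab" * 32,
    "docker.io/library/nginx:latest",   # public registry, mutable tag
    "nginx",                            # implicit docker.io, no tag at all
]
SAMPLE_BIGBANG_REF = "2.10.0"           # hypothetical chart version pin

def parse_image(ref):
    """Split an OCI image reference into registry, repository, tag and digest.
    Docker rule: the first path component is a registry only if it contains
    '.' or ':' or is 'localhost'; otherwise the image lives on docker.io."""
    ref, _, digest = ref.partition("@")
    first, slash, rest = ref.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    repo, _, tag = path.partition(":")
    return {"registry": registry, "repo": repo, "tag": tag or None, "digest": digest or None}

def check_image(ref):
    """Return policy findings for one image reference; an empty list means compliant."""
    parts = parse_image(ref)
    findings = []
    if parts["registry"] != IRONBANK_REGISTRY:
        findings.append("not from Iron Bank registry")
    if parts["tag"] is None and parts["digest"] is None:
        findings.append("no tag or digest, floats to 'latest'")
    elif parts["tag"] == "latest":
        findings.append("mutable 'latest' tag")
    return findings

def check_bigbang_ref(ref):
    """The chart version in kustomization.yaml should be a release tag (semver),
    not a branch name, so an upgrade is a deliberate, reviewable change."""
    return re.fullmatch(r"\d+\.\d+\.\d+", ref) is not None

def audit(images, bigbang_ref):
    """Map each non-compliant image to its findings; also report a bad chart pin."""
    report = {img: f for img in images if (f := check_image(img))}
    if not check_bigbang_ref(bigbang_ref):
        report["bigbang_ref"] = [f"chart ref {bigbang_ref!r} is not a release tag"]
    return report
```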
## ATO vs cATO

### ATO

- Based on RMF and security controls and their implementation for an iteration
- Places focus on the system
- Works better with the traditional Waterfall/Spiral SDLC
- Changes to the system might warrant a re-evaluation of the ATO cycle
- Traditionally, an ATO is issued to the system as a whole
- Does not lend itself to easier reciprocity across platforms

### cATO

- Also based on RMF and security controls, but focuses on the process that spans multiple iterations
- Places focus on the development process instead of the system
- Better fit for modern agile methodologies
- Allows teams to develop and deploy continuously without having to re-evaluate the ATO for each change
- Swapping out the layers (Infra and Platform) with equivalent ATOs helps preserve the cATO and CtF of the application, which lends itself to easier reciprocity across platforms (arguably)
## Continuous Authorization

### PlatformOne Security Objectives

Security is core to P1's mission:

"Serve cyber mission application teams in their journey to deliver rapid mission capability with technical expertise and services"

- Provide a secure, resilient and robust development environment
- Facilitate CtF (Certificate To Field)
- Secure development: focus on high-quality code practices, automation, monitoring and compliance
- Secure deployment: rely on the ATO of the infrastructure and platform layers
### Process

#### 1.0 Authorize the Platform

#### 2.0 Authorize the Platform

#### 3.0 Authorize the Process

### Continuous Monitoring

### P1 and cATO
BigBang clusters are capable of receiving a cATO.

IronBank, PartyBus, and other P1 services are hosted on top of BigBang clusters. P1's AO was able to sign off on P1 services receiving a cATO because of people, processes, and technology:

- In addition to the BigBang platform technology,
- trained, approved, vetted people are developing and maintaining the services,
- and they are following processes that have been approved by the AO.

Example: PartyBus has a process for developer-built images to be blessed to run in production on the cATO'd environment; they call it the CTF (Certificate to Field).