Security in Platform One

Core Tenets

  • Secure the DoD
    • Cybersecurity-first approach to software development for mission owner applications and weapon systems.
    • Security is built into the Kubernetes containers and further enforced by a sidecar security stack configured to adhere to the DoD Enterprise DevSecOps Reference Design for our environments.
  • Automation
    • Avoid manual processes by automating whenever possible.
  • Standards/Continuous Monitoring
    • The pipelines enforce continuous monitoring by refusing to deploy the application if the quality/compliance gates fail.
    • The CtF process enforces CI/CD by ensuring vulnerabilities are progressively mitigated prior to deployment.
  • Multi-Party Validation
    • Pair programming and extreme programming are embraced, allowing the organization to continually produce quality code that can adapt to change rapidly.
    • All major changes must undergo a complete Certificate to Field (CtF) review, including code review, pipelines, and security testing.

For more detailed information see DoD Enterprise DevSecOps Fundamentals.

PlatformOne - Security Offerings

  • IronBank Registry
    • Registry for hardened container images (registry1.dso.mil)
  • IronBank VAT
    • Vulnerability Assessment Tracker (vat.dso.mil)
    • GUI and API access to the evidence used to speed up accreditation of images
  • Weekly IronBank onboarding, AMA (Ask Me Anything), and get-unblocked sessions

    Note

    Only vendors can harden vendor images

  • CNAP

    • Cloud Native Access Point: an advanced perimeter firewall that enables secure access to IL2, IL4, and IL5 resources from the public internet. P1 SSO is managed by the CNAP team.
  • Various other services
    • Onboarding, pen testing, and more.

Automating Security

  • IronBank rebuilds & rescans its images every 12 hours. This ensures fixes to the upstream base image are picked up.
  • Big Bang's release cycle is every 2 weeks, which makes it easy to pull in the latest version of the images.

    • In ~/Desktop/bootstrap/dev/kustomization.yaml there's a reference to the version of the Big Bang Helm chart. Updating that version has a cascading effect that updates the versions of all images maintained by Big Bang.
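As an added example (not Platform One or Big Bang code), the following shell script shows what that version reference looks like and how a bump is applied and checked. The repository URL and the kustomization layout are assumptions modelled on the Big Bang customer template, and the sample file is constructed inline so the script runs offline; compare them against your own bootstrap/dev/kustomization.yaml before use. The script also refuses to pin a floating branch name such as master, because an unpinned base means every reconcile can silently pull new chart and image versions, which defeats the controlled bi-weekly upgrade described above.

```shell
#!/bin/sh
# Added example, not Platform One or Big Bang code: inspect and bump the
# Big Bang chart version pinned in a kustomization.yaml. The repository URL
# and file layout are assumptions modelled on the Big Bang customer
# template; check them against your own bootstrap/dev/kustomization.yaml.
set -eu

# Constructed sample kustomization.yaml, written to a temp file so that the
# functions below can be exercised offline.
KUSTOMIZATION="$(mktemp)"
trap 'rm -f "$KUSTOMIZATION"' EXIT
cat > "$KUSTOMIZATION" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- https://repo1.dso.mil/big-bang/bigbang.git//base/?ref=2.10.0
configMapGenerator:
- name: common
  behavior: merge
  files:
  - values.yaml=configmap.yaml
EOF

# Print the ref currently pinned for the Big Bang base (prints nothing if
# the base line is missing): bigbang_ref FILE
bigbang_ref() {
  sed -n 's#^- https://repo1\.dso\.mil/big-bang/bigbang\.git//base/?ref=\([^[:space:]]*\).*#\1#p' "$1"
}

# Succeed only when REF looks like an immutable release tag (x.y.z). A
# floating ref such as master or a branch name is rejected, since it lets
# chart and image versions change underneath you without a deliberate bump.
ref_is_pinned() {
  printf '%s' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Rewrite the pinned ref in place: bump_bigbang_ref FILE NEW_VERSION
bump_bigbang_ref() {
  ref_is_pinned "$2" || { echo "refusing to pin non-release ref: $2" >&2; return 1; }
  sed -i.bak "s#\(bigbang\.git//base/?ref=\)[^[:space:]]*#\1$2#" "$1" && rm -f "$1.bak"
}

echo "Big Bang chart currently pinned at: $(bigbang_ref "$KUSTOMIZATION")"
```

After a bump, commit the changed kustomization.yaml and let the pipeline reconcile; every Big Bang-managed image version follows from that single ref, so the diff to review for an upgrade is that one line plus the release notes of the new chart version.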

ATO vs cATO

ATO

  • Based on RMF (Risk Management Framework) and security controls and their implementation for a single iteration
  • Places focus on the system
  • Works better with the traditional Waterfall/Spiral SDLC (Software Development Life Cycle)
  • Changes to the system might warrant a re-evaluation of the ATO
  • Traditionally the ATO is issued to the system as a whole
  • Does not lend itself to easy reciprocity across platforms

cATO

  • Also based on RMF and security controls, but focused on the development process that spans multiple iterations rather than on the system itself
  • Better fit for modern agile methodologies
  • Allows teams to develop and deploy continuously without having to re-evaluate the ATO for each change
  • Swapping out the lower layers (infrastructure and platform) for ones with equivalent ATOs arguably preserves the cATO and CtF (Certificate To Field) of the application, which lends itself to easier reciprocity across platforms

Continuous Authorization

(Diagram: C-ATO Overview)

PlatformOne Security Objectives

Security is core to P1's mission:

"Serve cyber mission application teams in their journey to deliver rapid mission capability with technical expertise and services"

  • Provide a secure, resilient and robust development environment
  • Facilitate CtF - Certificate To Field
  • Secure development - focus on high quality code practices, automation, monitoring and compliance
  • Secure deployment - rely on the ATO of the infrastructure and platform layers

(Diagram: Security Objectives)

Process

1.0 Authorize the Platform

(Diagram: Step 1.0, Authorize the Platform)

2.0 Authorize the Process

(Diagram: Step 2.0, Authorize the Process)

3.0 Authorize the Team

(Diagram: Step 3.0, Authorize the Team)

Continuous Monitoring

(Diagram: Continuous Monitoring)

P1 and cATO

Big Bang clusters are capable of receiving a cATO.

IronBank, PartyBus, and other P1 services are hosted on top of Big Bang clusters. P1's AO was able to sign off on P1 services receiving a cATO because of people, processes, and technology: in addition to the Big Bang platform technology, trained, approved, and vetted people develop and maintain the services, following processes that have been approved by the AO.

Example: PartyBus has a process called CtF (Certificate to Field) through which images are approved to run in production on its cATO'd environment.

Quiz Questions

What is missing from this list of the Core Tenets for security in Platform One? Secure the DoD, Automation, Multi-Party Validation

Standards/Continuous Monitoring

What does CNAP stand for?

Cloud Native Access Point

How often does IronBank rebuild & rescan its images?

IronBank rebuilds & rescans its images every 12 hours. This ensures fixes to the upstream base image are picked up.

What is the difference between ATO and cATO?

ATO

  • Places focus on the system

  • Works better with the traditional Waterfall/Spiral SDLC

  • Changes to the system might warrant a re-evaluation of the ATO

  • Traditionally the ATO is issued to the system as a whole

  • Does not lend itself to easy reciprocity across platforms

cATO

  • Better fit for modern agile methodologies

  • Allows teams to develop and deploy continuously without having to re-evaluate the ATO for each change

What is ChatOps?

ChatOps is project collaboration for real-time interactive coordination among team members.