Overview
A Secure Development Ecosystem for U.S. Defense Organizations to Drive Innovation Forward
Delivering a secure software product for the US Defense industry requires navigating a complex web of people, process, and technologies to ensure that Government intellectual property is protected, a secure ecosystem is established, legacy technologies are embraced, and a finished product can be delivered.
DMI delivers a comprehensive Defense-focused software factory that supports a robust Agile-enabled DevSecOps platform, a secure development hosting environment, and flexible Continuous Integration / Continuous Delivery (CI/CD) pipelines to meet DevSecOps cATO requirements. The factory’s focus on continuous improvement, enabled by quantitative analysis and Agile retrospectives, ensures transparency and provides insightful reporting. With features like a FedRAMP-accredited enclave, secure access to hardened tool containers, automated DISA STIG OSCAP scanning, and developer virtual desktops, the Defense Software Factory empowers organizations to develop mission-critical applications with the highest levels of security and compliance.
Business Benefits
Productivity
Increases developer productive hours per FTE by deploying a common set of tools, approaches, and processes to facilitate the development and delivery of software.
Security
Code development with the highest regard for security standards to ensure the protection of intellectual property and minimize the threat posed to government systems hosted within corporate infrastructure.
Ecosystem
Provides contractor owned and managed capabilities that are consistent with other Defense-managed software factories, such as cARMY DSO-Service and DSO Platform One.
Cloud Gateway
Support for both cloud and physical equipment provider projects with an easy pathway to transform the development environment from legacy equipment to cloud-native applications.
Transparency
Full visibility into the development process — from Agile release planning to the vulnerability assessment of each developer’s code updates — is available to program management staff.
DevSecOps cATO-Enabled
Software Bills of Materials, License Models, Threat Assessments and Vulnerability Scanning are automatically updated to minimize the time and cost for accrediting the product.
FEATURES
Robust DevSecOps
Secure development lifecycle including a Continuous Integration / Continuous Delivery Pipeline with tooling to support Web, Application and Database analysis, testing, auditing and packaging.
Secure Artifacts
Image, package, and container proxies allowing only secured and authorized repositories are used to obtain approved artifacts for the development process and Software Bills of Material.
Agile Release Train Integrated
Full support for Agile development methodologies that can be customized based on the Customer’s processes and then integrated with ITSM capabilities to capture input from Operational support teams.
WorkSpaces
A Virtualized Desktop Environment enables a zero-trust security model for access to development resources that supports development on the Web, BYOD, corporate devices or Government-furnished equipment.
Development Hosting
Migration and hosting services for managing development with Cloud hosting services that reduces the footprint of physical GFE equipment, improves the security posture of the development environment, and reduces overall development risks.
Integration
Expands the CI/CD Pipeline with customer-specified analysis tools for integrated delivery of work products and supports a variety of delivery mechanisms to enable secure transfers on air-gapped networks.
Model
Insights
