Factory using Cloud DevSecOps Services Sidecar Container Security Stack Sidecar Container Security Stack enables: correlated and centralized logs, container security, east/west traffic management, a zero-trust and container policy enforcement.The security stack in the security sidecar container will include: 1. A logging agent to push logs to a platform centralized logging service. 2. Container policy policy enforcement. This includes ensuring container hardening from DCAR containers are preserved and complies with the NIST 800-190 requirements [12]. 3. Runtime Defense, this can perform both signature-based

need… • a Container Management Platform, but to network it I need… • a Service Mesh, but to secure it I need… • an automated Certificate Authority, and for more security I need… • a Container scanning and access on a bunch of servers, but I need more servers so I need… • an Infrastructure as a Service platform, but for high availability I need… • another rack of servers, but to pay for it I need…Always ask

to scan environments for vulnerabilities iii. 18F Cloud.gov (uses AWS GovCloud – 1. Created platform addressing bulk of compliance concerns driven by ATO requirements 2. Automating framework for code (API calls from certain types of test code) 4. Ensure every CI process is in an isolated container 5. Make the version control credentials of the CI system read-only 3. Ch. 23 – Protecting the auditors traditional training of sampling with screenshot evidence doesn’t really work in cloud, container or similar environments with infrastructure-as-code and auto- scaling. Must create alternatives

software for government purposes and/or integrate it into an existing operational baseline, system, or platform. Although it may not be the easiest approach, the government can also use Agile to build a large using existing infrastructure. Program Scope Program spans core capabilities and underlying platform or infrastructure. The government is responsible for primary systems integration. Systems capability deliveries, Agile development requires tight integration among enterprise architectures, platform architectures, and related development efforts. To find the right balance between structure and

desk.”1 The governor’s plan has five points that could have been plucked from any campaign platform: 1. A “world-class” education system from preschool through college; 2. A “prosperous economy”;