devops in government

5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook

5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook

| | devops in government, DevSecOps, Federal, framework, government, risk management, Sonatype Guide, Sonatype Lifecycle
Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year "snapshot" ...
2024 Sonatype Blog

Modernizing Federal DevSecOps for CMMC and Beyond

| | devops in government, DevSecOps in Government, DevSecOps journey, Federal, government, NIST
The Cybersecurity Maturity Model Certification (CMMC) 2.0 marks a clear shift from box-checking to modernization. Compliance is, of course, important. However, this evolution highlights the need to revise our approach to how ...
2024 Sonatype Blog
Mission Velocity, Mission Assurance: Why Federal Software Security Demands Both

Mission Velocity, Mission Assurance: Why Federal Software Security Demands Both

| | devops in government, Federal, government, Software Security, velocity
Federal missions are moving faster than ever, and the demand for speed is matched only by the need for greater trust. From implementing zero-trust mandates to deploying AI-powered systems, today's agencies are ...
2024 Sonatype Blog
Présidente de France Travail, Alexandre Saubot

French Gov. Leaks 43 Million People’s Data — ‘France Travail’ Says Sorry

| | Alexandre Saubot, Cap emploi, CNIL, cyber attacks on governm, devops in government, DevSecOps in Government, digital government, European Governments, france, France Travail, government, Government & Regulatory News, government agencies, Government Authority, SB Blogwatch
La grande cybermalveillance: French government’s employment agency loses control of citizens’ data after biggest breach in Gallic history ...
Security Boulevard
DoD HQ, “The Pentagon”

DoD Email Breach: Pentagon Tells Victims 12 Months Late

| | Anurag Sen, azure, Azure cloud, Azure Government Cloud, Compliance Automation Platform for FedRAMP, data privacy PII, defense department, Department of Defense, devops in government, DevSecOps in Government, digital government, DoD, email, Federal Government, Federal Government Bids, FedRAMP, fedramp accreditation;, fedramp ato, fedramp certification, fedramp compliance, government, Microsoft Azure, Microsoft Azure Security, Microsoft Exchange, Microsoft Exchange Server, pentagon, pii, PII Leakage, SB Blogwatch, U.S. Department of Defense, United States Department of Defense, US DOD, USDoD, USSOCOM
3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password ...
Security Boulevard

Federal DevSecOps Leaders: It’s Time to Join The Conversation

| | COVID-19, devops in government, DevSecOps, DevSecOps Leadership Forum, government, government open source software (GOSS), News and Views
Over the past three years, we’ve held the Federal DevSecOps Leadership Forum in Washington, D.C., where government decision-makers come together and share their DevSecOps journeys on stage with government leaders across the ...
Sonatype Blog

Improving DevSecOps at the GSA

| | Devops adoption, devops in government, DevOps Maturity, DevSecOps, DevSecOps in Government, government, Post developers/devops
The U.S. General Services Administration has a number of roles in the U.S. government. For instance, the GSA is the world’s largest landlord. It administers all of the civilian federal government buildings ...
Sonatype Blog

DevOps at the US Patent and Trademark Office

| | devops in government, DevSecOps in Government, Post developers/devops
Discussions of DevOps in government are always popular because it is a tough subject. Few have successfully cracked the code, and, even if they have, it is a slow, uphill climb with ...
Sonatype Blog