Home / Cybersecurity / GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

The General Services Administration’s 18F organization has developed a security certification process for government information technology systems through the use of agile development methods, Nextgov reported Tuesday.

18F’s agile-based authority-to-operate process aims to apply an iterative approach to IT security authorizations and place security work at the start of a project.

“What we try to do is at the very beginning of the project, the first few weeks, we get an ATO,” Michael Torres, director of product at 18F, told Nextgov.

“And then every piece after that, we increment that ATO so it covers more and more of the system,” he added.

Torres noted about 18F’s efforts to further develop the iterative ATO process with security personnel at federal agencies.

“What we’re advocating is to help them and help the program team just focus on this small piece that we’re releasing so that we can make sure that that’s secure and also put in processes and maybe some infrastructure to make sure the next time we release there’s a process for an iterative ATO that doesn’t take as much time and is not as daunting,” he added.

Check Also

GAO Reports on IRS Information Security

The Government Accountability Office has reviewed the Internal Revenue Service's data security and discovered 14 new vulnerabilities. GAO said Thursday that it evaluated IRS' information security controls in fiscal year 2018 and recommends the revenue agency to bolster protection of financial and taxpayer information.

Leave a Reply

Your email address will not be published. Required fields are marked *