Home / Cybersecurity / GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

The General Services Administration’s 18F organization has developed a security certification process for government information technology systems through the use of agile development methods, Nextgov reported Tuesday.

18F’s agile-based authority-to-operate process aims to apply an iterative approach to IT security authorizations and place security work at the start of a project.

“What we try to do is at the very beginning of the project, the first few weeks, we get an ATO,” Michael Torres, director of product at 18F, told Nextgov.

“And then every piece after that, we increment that ATO so it covers more and more of the system,” he added.

Torres noted about 18F’s efforts to further develop the iterative ATO process with security personnel at federal agencies.

“What we’re advocating is to help them and help the program team just focus on this small piece that we’re releasing so that we can make sure that that’s secure and also put in processes and maybe some infrastructure to make sure the next time we release there’s a process for an iterative ATO that doesn’t take as much time and is not as daunting,” he added.

Check Also

Vice Adm. Matthew Kohler on Navy’s Current Information Warfare Approach

Vice Adm. Matthew Kohler, the top information warfare officer at the U.S. Navy, told C4ISRNET in an interview published Monday that the service considers information warfare as decisive both in daily operations and high-end kinetic fight. “In information warfare, while the rest of the warfare areas are involved in the high-end conflict [eventually], we consider the high-end conflict now. Constant contact with the enemy in terms of cybersecurity, being able to operate within the [electromagnetic spectrum], all of those. We consider ourselves in contact with the adversary now,” Kohler said. 

Leave a Reply

Your email address will not be published. Required fields are marked *