Home / Cybersecurity / GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

GSA’s 18F Integrates ‘Agile’ Methods Into IT Security Certification Process

The General Services Administration’s 18F organization has developed a security certification process for government information technology systems through the use of agile development methods, Nextgov reported Tuesday.

18F’s agile-based authority-to-operate process aims to apply an iterative approach to IT security authorizations and place security work at the start of a project.

“What we try to do is at the very beginning of the project, the first few weeks, we get an ATO,” Michael Torres, director of product at 18F, told Nextgov.

“And then every piece after that, we increment that ATO so it covers more and more of the system,” he added.

Torres noted about 18F’s efforts to further develop the iterative ATO process with security personnel at federal agencies.

“What we’re advocating is to help them and help the program team just focus on this small piece that we’re releasing so that we can make sure that that’s secure and also put in processes and maybe some infrastructure to make sure the next time we release there’s a process for an iterative ATO that doesn’t take as much time and is not as daunting,” he added.

Check Also

NBIB Continues Background Investigations Amid Government Shutdown

The National Background Investigations Bureau is still running despite the partial government shutdown's effects on the Office of Personnel Management, Nextgov reported Wednesday. The bureau continues to run on funds that customer agencies pay for investigation work. The NBIB has managed to cut a backlog of 725,000 investigations down to 600,000 between April and the end of 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *