Get your application(s) authorized for DoD use on Platform One Iron Bank container repository

Oteemo can help you streamline the process to continually meet the stringent security specifications aimed to protect DoD systems.

This is no trivial task, and can require substantial expertise and more importantly, takes continuous commitment and resources on the part of your organization. Inclusion of your containerized application in DoD’s Iron Bank secure repository is a major step forward in gaining DoD customers. Effectively, inclusion in the IronBank means your containerized application joins the DoD “app store” of approved hardened containers.

Is your application authorized for use by the United States Department of Defense (DoD) today?
Did your application receive a Certificate to Field (CtF)?

Gaining Inclusion into The Iron Bank

Iron Bank is a groundbreaking central repository of digitally-signed container images, including open-source and commercial off-the-shelf software, hardened to the DoD’s exacting specifications. Approved containers in Iron Bank have DoD-wide reciprocity across all classifications, accelerating down to weeks a security process that can otherwise take months or even years. The Iron Bank container repository is the DoD-wide container repository, a product of DoD’s Platform One, the first DoD enterprise DevSecOps managed service. Iron Bank containers are an integral part of Big Bang, Platform One’s DevSecOps platform.

To be considered for inclusion into Iron Bank, container images must meet rigorous DoD software security standards. It is an extensive, continuous, complicated effort for even the most sophisticated IT teams. Continuously maintaining and managing hardening pipelines while incorporating evolving DoD specifications and addressing new vulnerabilities (CVEs) can severely stretch your resources, even if you have advanced tooling and experience in-house. While inclusion in Iron Bank will enable your sales team to get tremendous exposure within the DoD userbase and beyond, getting the first version completely through the process is where most product companies struggle.

OTEEMO TIP:

Applications must be deployed on Iron Bank the same day (or earlier) than they are released commercially.
This adds a significant burden to existing commercial teams, Oteemo can provide a continuous and automated process to streamline this delivery with the white glove service option.

Oteemo can accelerate acceptance into the Iron Bank

US Based

Kubernetes Certified Solution Provider (KCSP)

Kubernetes Training Partner (KTP)

Extensive experience in containerization and building, scanning, and hardening application containers for Iron Bank

Two Models to Fit Your Organization

Every enterprise is different, with different levels of expertise and experience in-house. This is why we offer two levels of our service: white glove or advisory. We may interact directly with Iron Bank on your behalf, or advise you on how to navigate Iron Bank processes.

White Glove Service

For enterprises that focus their resources on their core applications without the distractions of container hardening

Advisory Services

For enterprises that have well-established security teams and in-house compliance and release engineering

White Glove Service

For enterprises that choose to focus their resources on their core applications without the distractions of container hardening will find our white glove service to be a perfect fit for their needs.

Iron Bank

Oteemo automates the container build and hardening processes using purpose-built build pipelines, and provides reference images for over 170 applications cleared for DoD-wide use. This eliminates application patching, and provides a robust, repeatable and scalable mechanism to build, scan, and distribute application containers to the DoD.

The stages Oteemo takes applications through to ensure readiness for acceptance into Iron Bank include:

Onboard the latest release of the application(s)

or product through Oteemo’s pipeline to build, scan, and harden the target container to meet the requirements for inclusion into Iron Bank (and put subsequent application or product releases through the same process)

Establish a feedback cadence

with the release team to ensure emergent standards and advisories are followed as new versions are submitted

Provide hardening reports and analytics

along with relevant SecComp guidance to enhance application compliance going forward

Advisory Services

For enterprises that have well-established security teams and in-house compliance and release engineering

Our advisory services fill the crucial gap in the container hardening process by providing ongoing targeted analysis and recommendations on the vulnerabilities found in containers submitted to the Iron Bank. In this service we continuously research, prioritize and report information required to mitigate or justify found issues, with a view to enhancing SecComp enforcement and application compliance. The goal is to provide actionable recommendations that help your software teams meet compliance and security requirements to ensure acceptance into the Iron Bank repository. We also mentor designated in-house security personnel in the process, so that they may be able to replicate our process internally when the opportunity arises.

Acceptance of your applications into the Iron Bank is an essential step in achieving adoption within the DoD. Talk to us today to see how we can accelerate your journey into the Iron Bank.

Gain an edge in DevSecOps Adoption

Acceptance of your applications into the Iron Bank is an essential step in achieving adoption within the DoD. Talk to us today to see how we can accelerate your journey into the Iron Bank.

Frequently Asked DoD Iron Bank Questions

  • What is the iron bank?

DoD Iron Bank is a container registry consisting of images hardened to the DoD’s exacting specifications. Container images that meet these specifications have an accelerated pathway to an Authority to Operate (ATO) for use across the DoD.

  • How to ensure iron bank acceptance of an application?

Application pipelines must build, scan and harden the target container to enable you to meet the requirements for inclusion into DoD Iron Bank. Each subsequent release must be taken through the same process.

Who We Are & What We Do

As passionate technologists, we love to push the envelope. We act as strategists, practitioners and coaches to enable enterprises to adopt modern technology and accelerate innovation.

We help customers win by meeting their business objectives efficiently and effectively.

icon         icon        icon

Newsletter Signup:

Join tens of thousands of your peers and sign-up for our best technology content curated by our experts. We never share or sell your email address!