Solutions
DoD-Federal-Service

DoD
Iron Bank

Get your application(s) authorized for DoD use on Platform One Iron Bank container repository. Streamline the process to continually meet the stringent security specifications aimed to protect DoD systems.

Accelerate acceptance

Inclusion of your containerized application in DoD’s Iron Bank secure repository is a major step forward in gaining DoD customers. Effectively, inclusion in the IronBank means your containerized application joins the DoD “app store” of approved hardened containers.
To be considered for inclusion into Iron Bank, container images must meet rigorous DoD software security standards. It is an extensive, continuous, complicated effort for even the most sophisticated IT teams.
Continuously maintaining and managing hardening pipelines while incorporating evolving DoD specifications and addressing new vulnerabilities (CVEs) can severely stretch your resources, even if you have advanced tooling and experience in-house.
While inclusion in Iron Bank will enable your sales team to get tremendous exposure within the DoD userbase and beyond, getting the first version completely through the process is where most product companies struggle.
1

What is Iron Bank

Iron Bank is a groundbreaking central repository of digitally-signed container images, including open-source and commercial off-the-shelf software, hardened to the DoD’s exacting specifications.
Approved containers in Iron Bank have DoD-wide reciprocity across all classifications, accelerating down to weeks a security process that can otherwise take months or even years. The Iron Bank container repository is the DoD-wide container repository, a product of DoD’s Platform One, the first DoD enterprise DevSecOps managed service. Iron Bank containers are an integral part of Big Bang, Platform One’s DevSecOps platform.
2

How to ensure Iron Bank acceptance of an application?

Application pipelines must build, scan and harden the target container to enable you to meet the requirements for inclusion into DoD Iron Bank. Each subsequent release must be taken through the same process.
3

White Glove Service

At Oteemo we are intimately familiar with the hardening specifications, intake process and build pipelines, and have been working closely with DoD stakeholders and teams for years to provide hardened containers for multiple applications.
As key contributors to Big Bang and Iron Bank itself, we have a distinct advantage over other providers in this process.
The stages Oteemo takes applications through to ensure readiness for acceptance into Iron Bank include:
At Oteemo, we have successfully shepherded multiple open source and commercial applications into Iron Bank. On the open-source front, we have hardened complex products like Kubeflow (150+ containers). Global enterprises like JFrog have leveraged our expertise to accelerate inclusion of their flagship products Artifactory and X-Ray into the Iron Bank. We look forward to bringing the same level of experience, expertise and insight to your service, and help you accelerate the inclusion of your applications into the Iron Bank.
US Based
Kubernetes Certified Solution Provider (KCSP)
Kubernetes Training Partner (KTP)
Extensive experience in containerization and building, scanning, and hardening application containers for Iron Bank
4

How to ensure Iron Bank acceptance of an application?

For enterprises that choose to focus their resources on their core applications without the distractions of container hardening will find our white glove service to be a perfect fit for their needs.
Oteemo automates the container build and hardening processes using purpose-built build pipelines, and provides reference images for over 170 applications cleared for DoD-wide use. This eliminates application patching, and provides a robust, repeatable and scalable mechanism to build, scan, and distribute application containers to the DoD.
The stages Oteemo takes applications through to ensure readiness for acceptance into Iron Bank include:
1. Onboard the latest release of the application(s) or product through Oteemo’s pipeline to build, scan, and harden the target container to meet the requirements for inclusion into Iron Bank (and put subsequent application or product releases through the same process)
2. Establish a feedback cadence with the release team to ensure emergent standards and advisories are followed as new versions are submitted
3. Provide hardening reports and analytics along with relevant SecComp guidance to enhance application compliance going forward
5

Advisory Services

For enterprises that have well-established security teams and in-house compliance and release engineering.
Our advisory services fill the crucial gap in the container hardening process by providing ongoing targeted analysis and recommendations on the vulnerabilities found in containers submitted to the Iron Bank. In this service we continuously research, prioritize and report information required to mitigate or justify found issues, with a view to enhancing SecComp enforcement and application compliance. The goal is to provide actionable recommendations that help your software teams meet compliance and security requirements to ensure acceptance into the Iron Bank repository. We also mentor designated in-house security personnel in the process, so that they may be able to replicate our process internally when the opportunity arises.
Acceptance of your applications into the Iron Bank is an essential step in achieving adoption within the DoD. Talk to us today to see how we can accelerate your journey into the Iron Bank.

Read about our work in Case Studies

VDH Organizational Transformation: Agile Adoption at Scale and DevSecOps Modernization

Introduction The COVID-19 pandemic highlighted the critical role technology plays in health service delivery; the Virginia Department of Health (VDH) was significantly challenged to provide real-time system capabilities for tracking infections rates, vaccines, and data exchanges with partners. VDH made IT modernization a top priority to ensure its readiness to respond to future health crises. […]

Sep 01, 2024

Oteemo Helps Mednax Reduce Deployment Time From Months To Minutes

“Our IT mission, like our company mission, is to take great care of the patient™ every day and in every way. We do this by developing solutions and technology with highly disciplined and rigorous engineering practices, processes, and solutions. Oteemo’s help in developing and implementing measurable, quality-focused practices has significantly increased the pace of integration […]

Apr 21, 2021

This is what our customers say about our approach

Gain an edge in DevSecOps Adoption

Acceptance of your applications into the Iron Bank is an essential step in achieving adoption within the DoD. Talk to us today to see how we can accelerate your journey into the Iron Bank.
As passionate technologists, we love to push the envelope. We act as strategists, practitioners and coaches to enable enterprises to adopt modern technology and accelerate innovation.
We help customers win by meeting their business objectives efficiently and effectively.

Join our Newsletter

Tens of thousands of your peers are getting the best technology content curated by our experts. We never share or sell your email address!

Let’s talk about your project

To learn more how Oteemo can help your company, fill out the form below and our team will be in touch.