DevSecOps adoption within the DoD and US Air Force is significantly increasing. Kubernetes and container architectures are being standardized across the application and infrastructure stacks inside the DoD.
US Enterprise software that can be containerized for Kubernetes can be submitted to the Department of Defense (DoD) Iron Bank to become part of the digital transformation and modernization solutions across DoD programs. This is an excellent opportunity for your applications to be part of this revolution.
Iron Bank is a groundbreaking central repository that contains authorized container images hardened to the DoD’s exacting specifications. Container images that meet these specifications are then authorized for use across the DoD and provide a Continuous Authority to Operate (cATO) for all agencies. Standardizing how agencies can quickly obtain secure versions of software required for their missions is a massive benefit for both the DoD and software providers. The repository is publicly available at dsop.io, and the images therein are built and hardened on top of the STIG’ed Red Hat Universal Binary (UBI7) Image. The container build and hardening processes are automated using purpose-built build pipelines, and provide reference images for over 170 applications cleared for DoD-wide use. This not only eliminates application patching, but also provides a robust, repeatable and scalable mechanism to build, scan and distribute application containers to the DoD.
It takes significant effort to continuously maintain and manage hardening pipelines while incorporating the evolving Department of Defense specifications and new vulnerabilities as they arise. Even with advanced tooling and experience in-house, this can severely detract from your core mission of delivering great applications to the DoD. This is where Oteemo can help.
Find out how Oteemo can support your cloud native computing and app modernization efforts.
Leverage Our Iron Bank Experience
Oteemo is an Enterprise DevOps and Cloud-Native Transformation consultancy. We are a Silver member of the Cloud Native Computing Foundation (CNCF) and Kubernetes Certified Solution Provider (KCSP).
We are also one of the few certified Kubernetes Training Providers (KTPs) in the country, with a varied roster of clients in both the federal and commercial spaces. We have proven experience and past performance in building enterprise grade containers and cloud native solutions.
We are also honored to be one of the awardees of the recent DevSecOps Blanket Order Agreement (BOA) from DoD / US Air Force to help accelerate the adoption of DevSecOps within the Department of Defense.
As containerization and Kubernetes experts that have direct experience with building, scanning and hardening application containers for Iron Bank, Oteemo has the required skills, tooling and recipes to substantially increase the chances of your application being accepted into Iron Bank in the most optimal manner. We are intimately familiar with the hardening specifications, intake process and build pipelines, and have worked closely with DoD stakeholders and teams to provide hardened containers for multiple applications.
Following is a high-level overview of the stages through which we take your application to ensure readiness for acceptance into Iron Bank.
Oteemo’s Container Hardening Process for Iron Bank
We will work with your team to onboard the latest release of your application(s) or product through our pipeline to build, scan and harden the target container to enable you to meet the requirements for inclusion into Iron Bank. We also work with you so that each subsequent release can be taken through the same process. We establish a feedback cadence with your release team to make sure emergent standards and advisories are followed continually as new versions are submitted. You will also receive hardening reports and analytics from the process, along with relevant SecComp guidance to enhance your applications’ compliance going forward. We invite you to leverage our expertise to accelerate the adoption of your applications into Iron Bank-hosted hardened containers. Gain an edge in DoD DevSecOps adoption with our experience and expertise.
At Oteemo, we pride ourselves on our ability to offer container services and training that simplifies application delivery and management.
Our certified experts know just what it takes to accelerate your pathway into Iron Bank. Fill out the form below.
How Can Oteemo Help You?
Who We Are & What We Do
We help customers win by meeting their business objectives efficiently and effectively.