when devops meets regulation: integrating 'continuous' with 'government'



SLIDE 1

@jezhumble public domain slides courtesy @noahkunin, infrastructure director, 18F / GSA TTS

when devops meets regulation: integrating 'continuous' with 'government'

SLIDE 2
SLIDE 3

what is continuous delivery?

The ability to get changes—features, configuration changes, bug fixes, experiments—into production or into the hands of users safely and quickly in a sustainable way.

SLIDE 4

devops movement

a cross-functional community of practice dedicated to the study of building, evolving and operating rapidly changing, secure, resilient systems at scale

SLIDE 5

Let’s ship it!

SLIDE 6

Or not.

SLIDE 7

Shipping software isn’t rocket science

SLIDE 8

Is the launch checklist working?

SLIDE 9

The U.S. Government's Digital Launch Checklist

SLIDE 10

Records Management
Records Schedule
Privacy Act
Paperwork Reduction Act
Section 508 and Accessibility Standards
Federal Acquisition Regulation
Anti-deficiency Act
Economy Act
E-Government Act
Computer Matching Act
National Cyber Protection System
Guidance for Agency Use of Third-Party Websites and Applications
Social Media and Web-Based Interactive Technologies
Office of Management Budget Circular A-130 Appendix 3
Federal Information Security and Management Act
Federal Information Processing Standard (FIPS) 199
Federal Information Processing Standard (FIPS) 200
Federal Information Processing Standard (FIPS) 140-2
Special Publication 800-37
Special Publication 800-53 Revision 4
Special Publication 800-60 Volume 1
Special Publication 800-60 Volume 2

SLIDE 11

Special Publication 800-18
Special Publication 800-137
Special Publication 800-171
Special Publication 800-133
Special Publication 800-95
EINSTEIN Compliance
FedRAMP
OMB Guidance on third party websites and applications
OMB Memo M-14-04
OMB Memo M-15-01
Trusted Internet Connection 2.0 Reference Architecture

Pages in total: 4006

SLIDE 12

http://dx.doi.org/10.6028/NIST.SP.800-53r4

SLIDE 13

http://dx.doi.org/10.6028/NIST.SP.800-53r4

SLIDE 14

My friend, you can clearly see the intention of FIPS 140-2 Annex A was to deprecate SHA-1 on the lunar new year...

SLIDE 15

http://dx.doi.org/10.6028/NIST.SP.800-53r4

SLIDE 16

http://dx.doi.org/10.6028/NIST.SP.800-53r4

SLIDE 17

http://dx.doi.org/10.6028/NIST.SP.800-53r4

SLIDE 18
SLIDE 19
SLIDE 20
SLIDE 21
SLIDE 22

How long is this going to take?

SLIDE 23

6 - 14 months to ship

SLIDE 24
SLIDE 25

Speed is the new security.

SLIDE 26

Ops Dev

SLIDE 27

IaaS Ops Dev PaaS

SLIDE 28
SLIDE 29
SLIDE 30

what this gets you

push-button deployments
teams can deploy into a production-like environment from day 1
architectural paradigm designed for distributed systems
templates for all your compliance documentation
most of the controls taken care of at the platform level

SLIDE 31