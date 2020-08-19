Contrast’s Assess, OSS, and Protect Solutions Approved Per U.S. DoD Security and Compliance Standards to Deliver Real-time Application Security and Reliability Throughout the DevOps Process

This designation provides Certificate to Field (CtF) for DoD application developers to immediately deploy Contrast’s platform of end-to-end solutions to assess and mitigate security risks within applications across the entire software development life cycle (SDLC) in modern cloud-based DevOps environments. That means DoD teams can eliminate the lengthy auditing and approval process required to obtain Authorization to Operate (ATO) and immediately put Contrast’s Assess, OSS, and Protect solutions to work for continuous security observability of applications, seamless integration into IDE, and a continuous integration/continuous deployment (CI/CD) pipeline from development through production.

A project of the U.S. Air Force and the DoD, Platform One provides the Iron Bank a preapproved repository of containers that have cleared DoD’s stringent cybersecurity requirements for DoD software developers. Choosing solutions from Platform One streamlines the cloud-based development process and helps federal agency DevOps teams to quickly turn out vital software applications in a secure, efficient, and agile environment.

“We are very pleased to have Contrast Security as part of the Iron Bank,” said Nicolas Chaillan, Chief Software Officer of the U.S. Air Force and co-lead of the DoD Enterprise DevSecOps initiative.

With the Contrast Security platform, developers can ensure application security from the inside out with real-time assessment and protection. Unlike most application security solutions that evaluate after the fact and capture point-in-time views, Contrast leverages instrumentation to embed security within the application throughout the SDLC. This eliminates security bottlenecks in development, reduces false positives and negatives, and scales security assurance across the application life span.

Contrast Security’s complete platform is fully approved for Platform One-based applications, including:

Contrast Assess, which automatically identifies vulnerabilities in real time during the code-writing process. With instant alerts, developers can find and fix vulnerabilities immediately to ensure fast-track delivery.

Contrast OSS to detect and assess the risk of open-source software (OSS) components used in the application build. OSS triggers alerts when risks and policy violations are detected, allowing developers to update proper versioning and usage.

Contrast Protect for continuous analysis of runtime events to confirm exploitability before blocking an attack. This eliminates false-positive alerts that plague perimeter defense solutions while continuously detecting and preventing both known vulnerabilities and zero-day attacks.

Because Contrast operates from within the application itself, it can monitor all parts of the application, including microservices, custom code, application programming interfaces (APIs), and open-source libraries. Its real-time, continuous assessment substantially improves efficiency for federal constituents by detecting and remediating problems immediately.

“From the beginning, Contrast solutions have been built for modern software development, which is exactly what Platform One is enabling for the DoD,” said Contrast Chief Strategy Officer Surag Patel. “By providing built-in ATO delivered through Platform One, our solutions can now be seamlessly leveraged by our federal partners to deliver application security at the speed and scale required to meet the federal government’s accelerating demands.”

