DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

January 27, 2021 Michael Coté

When Federal people ask to secure a DevOps app creation and delivery process, what do they mean? Chris Willis joins Coté in this episode to answer that question with a #vmwaretanzu customer example: the Tanzu Build Service, buildpacks, Tanzu Application Service (Pivotal Cloud Foundry), and other components. He covers FIPS encryption requirements, STIGs, working with the authorizing official, and the overall practices and culture-think for securing build pipelines.

Mentioned in the show:

About the Author

Michael Coté

Michael Coté works on the advocates team for VMware Tanzu. See @cote for more.

More Content by Michael Coté
Previous
Refactor or lift-and-shift: How to prioritize modernization efforts
Refactor or lift-and-shift: How to prioritize modernization efforts

In this episode of the Cloud & Culture podcast, Felicia Schwartz of VMware Tanzu Labs discusses how her tea...

Next
Episode 187: DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)
Episode 187: DevSecOps for US Federal agencies (FIPs, STIGs, auditors, AOs, and all that)

When Federal people ask to secure a DevOps app creation and delivery process, what do they mean? Chris Will...