Checkmarx, a global leader in software security solutions for DevOps, today announced that it has been awarded a contract with the U.S. Air Force (USAF) Business & Enterprise Systems (BES) Directorate to accelerate its development and delivery of secure software. The USAF will benefit from the full Checkmarx Software Security Platform, which combines SAST, SCA, IAST, and developer education solutions, to mitigate risk from software vulnerabilities earlier in the development lifecycle and empower its shift to a true DevSecOps model.
Selected by the BES Cyber Security Assurance Division, the Checkmarx deployment supports the twofold mission of the BES Directorate: to build cyber resiliency into the applications it develops and to do so without disrupting developer workflows, leading to faster software delivery. The organization’s enhanced DevSecOps efforts expedite the U.S. Federal Certificate to Field (CTF) and Authority to Operate (ATO) approval process from months to days in alignment with the USAF CIO Division 4 Fast Track ATOs.
The BES Directorate initially engaged Checkmarx in 2018, leveraging Checkmarx SAST (CxSAST) across dozens of applications and projects to better meet the SAST scanning requirements set by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Risk Management Framework (RMF). After seeing positive results, including developers identifying, triaging, and remediating more vulnerabilities earlier on in the SDLC, as well as reducing false positive rates and overall application delivery timelines, the unit expanded its program with Checkmarx. Now, the full Checkmarx Software Security Platform will automate security scanning throughout the BES CI/CD pipeline for more than 100 applications and projects, while further empowering its team of more than 1,000 developers.
Of note, the Business & Enterprise Systems Product Innovation (BESPIN) Team initiated by the BES Program Executive Officer will also leverage Checkmarx’s capabilities in the BES CI/CD pipeline. BESPIN is a collaboration between both internal and private sector developers that will use DevSecOps to turn projects into new resolutions that will ultimately support the Department of Defense.
“The BES DevSecOps efforts align with the USAF’s vision of fast-tracking ATOs for standing up and maintaining CI/CD pipelines, as well as delivering applications. However, these pipeline improvements are not only focused on speed, but also on seamlessly instilling cyber resilience into the applications themselves to bolster the USAF’s overall security posture,” said Rich Wajsgras, Vice President of U.S. Federal, Checkmarx. “The BES Directorate is a valued partner to Checkmarx and our expanded relationship will further support its mission as we work to make software security easier, faster, and more efficient for its unit and the broader U.S. government sector.”
The Directorate will benefit from the convenience and economic efficiencies of the Checkmarx platform. With SAST, IAST, SCA, and secure coding education solutions unified in a single platform via a management and orchestration layer, the unit will extend the depth and reach of its application security testing (AST) efforts, without the added complexity and expense of using multiple first-generation AST products from different vendors.
For more information about the Checkmarx Software Security Platform, visit here.
Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis, and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 percent of the Fortune 100 and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Salesforce.com. Learn more at www.checkmarx.com.
About U.S. Air Force Business & Enterprise Systems Directorate
The Business & Enterprise Systems Directorate (BES) is the software application and IT services provider for the Air Force and Department of Defense (DoD), delivering comprehensive IT solutions and providing expert contracting, acquisition, and program management. The organization comprises 2,200 employees across three states (Alabama, Texas, and Ohio) and supports over 160 missions with a portfolio value of over $1 billion. For more information, visit www.airforcebes.af.mil/.