DSOP

DoD Enterprise Initiative (DSOP)

WHAT IS THE DSOP?

The DSOP is joint effort of the DOD’s Chief Information Officer, Office of the Undersecretary of Defense for Acquisition and Sustainment. The services focus on bringing automated software tools, services and standards to DOD programs so that warfighters can create, deploy, and operate software applications in a secure, flexible, and interoperable manner.

Latest Documentation & Videos

THE TECHNOLOGY

Selecting, certifying, and packaging best of breed development tools and services (over 100 options)

Creating a centralized artifacts repository of hardened and centrally authorized containers

Designing a Scalable Micro-services Architecture with Service Mesh/API Gateway and baked-in security

Standardizing metrics and define acceptable thresholds for continuous Authority To Operate (cATO)

Working with DAU to create state of the art DevSecOps curriculum

Creating the Sidecar Container Security Stack (SCSS) for baked-in zero trust security

Providing on-boarding and support for adoption of Agile and DevSecOps

Developing best-practices, training, and support for pathfinding and related activities

Creating new contracting language to enable and incentivize the use of Agile and DevSecOps

WHAT IS DEVSECOPS?

The software automated tools, services, and standards that enable programs to develop, secure, deploy, and operate applications in a secure, flexible and interoperable fashion.

WHY

SHOULD

YOU

CARE?

Software and cybersecurity permeate all aspects of the Department of Defense’s (DoD) mission, encompassing business systems, weapons systems, artificial intelligence, cybersecurity, and space operations. To meet the challenges posed by this dynamic environment, establishing DevSecOps capabilities becomes imperative

Deliver applications rapidly and in a secure manner, increasing the warfighters competitive advantage
Bake-in and enforce cybersecurity functions and policy from inception through operations
Enhance enterprise visibility of development activities and reduce accreditation timelines
Ensure seamless application portability across enterprise, Cloud and disconnected, intermittent and classified environments
Drive DoD transformation to Agile and Lean Software Development and Delivery

Leveraging industry acquisition best practices combined with a centralized contract vehicle for DevSecOps tools and services will enable rapid prototyping, real-time deployments. and scalability.

We cannot be left behind: China, Russia and North Korea are already implementing DevOps

DoD Program Value

Deploy a DoD-hardened Software Factory, on their existing or new environments (including classified, disconnected and clouds), within days instead of a year. Cost and time savings.

Multiple DevSecOps pipeline exemplars are available with various options to avoid vendor lock-in and enable true DoD-scale as there is not a one-size-fit-all for CI/CD.

Creates rapid prototyping (in days and not months or years) for any Business, C4ISR and Weapons system. Deployment in Production.

Enables learning and continuous feedback from actual end-users (warfighters)

Allows bug and security fixes in minutes instead of weeks/months

Enables continuous Authorization to Operate (ATO) process for rapid deployment and scalability. Authorize Once, use Many times.

Brings a holistic and baked-in cybersecurity stack, gaining complete visibility of all assets, software security state and infrastructure as code

Facilitates the adoption of micro-services by using Micro-services Architecture

Deployed on any environment, including DoD-approved Cloud and Jedi (when available)

Enables automated testing and security