DevOps
Communications & Media

Phase II: Policy as Code Implementation

In Phase II of this project, Trility helped this client meet the security requirements mandated by a key customer with an automated Policy as Code solution that tests, validates, and provides evidential proof.

Problem Statement

To meet Federal regulations and  requirements, this client needed to implement security controls and produce evidence in support of the ICD-503 accreditation of the SecOps 2.0 program environment running in the SC2S AWS partition.

Solution Approach

Trility built Developer Services applications compliant with the applicable security controls and also provided test plans to validate the control implementation and evidence of test results.

Through learning sessions, demos, and documentation, a seamless handoff was created for the client’s team members.

Outcomes

The client achieved the following outcomes:

  • Hardening of Developers Services applications through automated mechanisms.

  • Met all security controls with documented test plans and procedures and generated evidence with a readable and human-friendly report.

  • A working solution that spanned multiple cloud accounts and inside cloud services.

  • A reduction in future costs for evidencing compliance to ICD-503 controls.

Project Attributes

  • Reduced Risk
  • Reduced COO
  • Increased Automation
  • Reusable Patterns
  • Verifiable Compliance
  • Documentation
  • Learning Sessions
  • Videos

Technologies Used

  • Artifactory
  • Jenkins
  • Kubernetes
  • AMQ
  • Eureka
  • Vault
  • Terraform
  • Packer