NAVY DEVELOPMENT SECURITY OPERATIONS (DEVSECOPS) GUIDANCE
UNCLASSIFIED//
ROUTINE
R 291942Z DEC 20 MID200000482281U
FM CNO WASHINGTON DC
TO NAVADMIN
BT
UNCLAS
NAVADMIN 342/20
MSGID/GENADMIN/CNO WASHINGTON DC/N2N6/
SUBJ/NAVY DEVELOPMENT SECURITY OPERATIONS (DEVSECOPS) GUIDANCE //
REF/A/MSG/CNO WASHINGTON DC/261805ZDEC18//
REF/B/MSG/CNO WASHINGTON DC/241507ZJAN20//
REF/C/DOC/DODI 8510.01/DOD/28JUL17//
AMPF/REF A IS NAVADMIN 315/18, TRANSFORMING OUR END-TO-END INFORMATION
ENVIRONMENT - COMPILE TO COMBAT IN 24 HOURS IMPLEMENTATION FRAMEWORK
(CORRECTED COPY).
REF B IS NAVADMIN 017/20 ANNOUNCING THE RAPID ASSESS AND INCORPORATE SOFTWARE
ENGINEERING PROCESS FOR DEVSECOPS ENVIRONMENTS.
REF C IS DEPARTMENT OF DEFENSE (DOD) INSTRUCTION 8510.01, RISK MANAGEMENT
FRAMEWORK (RMF) FOR DOD INFORMATION TECHNOLOGY (IT).//
POC/HUGH MCCULLOM(MICK)/CIV/CNO OPNAV N2N6D/ARLINGTON VA/TEL: 571-256-8260/
DSN: 260-8260/EMAIL: hugh.mccullom@navy.mil//
POC/SCOTT HOWARD/CIV/CNO OPNAV N2N6D/ARLINGTON VA/TEL: 571 256-8292/
DSN: 260-8292/EMAIL: scott.r.howard@navy.mil//
RMKS/1. This NAVADMIN cancels references (a) and (b) and announces the Rapid
Assess and Incorporate Software Engineering (RAISE) process is approved for
use in Development Security Operations (DevSecOps) environments to accelerate
the Risk Management Framework (RMF) process defined by reference (c). To
deliver warfighting capability and improve cyber readiness for those
applications hosted on the Consolidated Afloat Network and Enterprise
Services (CANES), the Overmatch Software Armory (OSA) DEVSECOPS pipeline is
available for use with RAISE. The Shore Tactical Assured Command and Control
(STACC) DEVSECOPS pipeline capability will come online in the summer of CY21.
2. The RAISE process streamlines and accelerates the RMF process by
employing automation, cyber verification tools, and Cybersecurity Tech
Authority-certified DevSecOps pipelines to ensure developed software is
secure. Use of RAISE certifies DevSecOps environments and authorizes
software applications built and operated within those environments.
3. As available, specific RAISE implementation guidance for CANES, STACC and
other systems of record, as well as updates on new capabilities, will be
promulgated via Fleet Advisory Messages (FAMs). RAISE guidance is available
in the RMF Process Guide and RAISE Playbook at the following location -
https://portal.secnav.navy.mil/orgs/OPNAV/N2N6/DDCION/RAISE/SitePages/Home.aspx.
4. Effective January 2021, all programs with new software development starts
and/or software upgrades intended for use on CANES (AFLOAT) platforms
currently operating with Agile Core Services (ACS) are required to use this
approach. Programs should review the RAISE guidance contained in the RMF
Process Guide and RAISE Playbook.
5. This NAVADMIN will remain in effect until cancelled or superseded.
6. Released by VADM Jeffrey E. Trussler, Deputy Chief of Naval Operations
for Information Warfare, OPNAV N2N6.
BT
#0001
NNNN
UNCLASSIFIED//