RESTON, VA - June 23, 2020 – Anchore, Inc., experts in DevSecOps workflow for software containers, today announced that Anchore Federal has reached the criteria for hardened applications that adhere to the United States Department of Defense’s (DoD) security and compliance requirements, allowing the software to be used in security-sensitive DoD projects.
The U.S. Air Force Platform One team, operating as the DoD Enterprise Service Provider for DevSecOps, provided the formal certification following an extensive evaluation. The hardened version of Anchore is delivered as container images that have achieved a Certificate to Field (CtF), meaning that they can be used in environments that meet requirements set forth in DISA STIGs and cybersecurity best practices defined within Platform One’s security policy for the use of containerized software.
“Establishing force-wide DevSecOps capabilities as we move to Continuous Authority to Operate (ATO) remains a top priority for the US Air Force and Department of Defense,” said Nicolas Chaillan, Air Force chief software officers and co-lead for the DoD Enterprise DevSecOps initiative. “Authorizing DevSecOps vendors such as Anchore supports and enables this mission, ensuring that a wide variety of hardened software components are available to meet the needs of developers.”
With Anchore, DevSecOps teams can enforce security and compliance policies against software containers. For the past 18 months, Anchore has been working with the DoD to implement DevSecOps practices to rapidly and securely deliver new software to its developers and warfighters. In fact, Anchore provides a core technology platform mandated as part of the DoD DevSecOps Reference Design. During this time the Anchore team has provided design and operational support for Platform One.
“Wide-scale software application modernization is spreading across the DoD, and we’re just at the beginning,” said Craig Bowman, Vice President, US Public Sector at Anchore. “With their mission-critical, time-sensitive, and complex needs, we could not ask for a better partner to drive our roadmap forward. We are proud to see Anchore become available to DoD developers building security into their pipelines.”
Today’s news follows Anchore’s announcement last week that it was awarded a $2.25 million AFWERX Small Business Innovation Research (SBIR) Phase II contract to secure and harden software containers using automated policy-based DevSecOps workflows to identify and apply security and compliance policies.
For more information about Anchore and Platform One, visit anchore.com/usaf and software.af.mil/team/platformone.
About Anchore
Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows using Anchore Engine and Anchore Enterprise. With Anchore, DevSecOps teams establish policy-based approaches to container compliance without compromising velocity. Customers range from Fortune 100 companies to small- and mid-sized customers. Anchore is trusted by modern software development companies across the globe. For more information, visit anchore.com.
###
Media Contact: [email protected]