Checkmarx, the Software Exposure Platform for the enterprise, has deployed CxSAST on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS). This deployment makes it easier for Federal agencies to grant a FedRAMP Moderate or DOD Impact Level 5 (IL5) Authority to Operate (ATO) for a cloud deployment of the Checkmarx CxSAST solution.
By being deployed on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS), Checkmarx inherits the vast majority of the controls required for FedRAMP and DOD IL5 compliance. Checkmarx also provides agencies with a System Security Plan (SSP) showing how the remaining controls are implemented, making the compliance verification and ATO process significantly easier.
The Checkmarx Software Exposure Platform aligns software security with DevOps culture, detecting, intelligently prioritizing, and remediating exposure across the software development lifecycle (SDLC) from the coding stage through the runtime application testing stage.
The platform tightly integrates CxSAST, CxOSA, CxIAST, and CxCodebashing via a unified management and orchestration layer to address the entire software exposure lifecycle.
“Checkmarx is fully committed to the U.S. Federal government and is pleased to provide our software security solutions via the Project Hosts Platform as a Service that is both FedRAMP and DOD IL5 compliant,” said Rich Wajsgras, Vice President of U.S. Federal, Checkmarx. “This makes it much easier for Federal organizations to move to a true DevSecOps model.”
CxSAST is a flexible and accurate static analysis solution used to identify hundreds of security vulnerabilities in both custom code and open source components.
CxOSA empowers development and DevOps teams to control and manage open source components and mitigate potential risks to the application, the organization, and its users by providing a holistic view of the application. CxIAST detects vulnerabilities in running applications under test. Built for DevOps, it seamlessly integrates into the CI/CD pipeline.
Finally, CxCodebashing provides continuous, in-context, bite-sized secure coding training that allows enterprises to grow their in-house security skills, and results in fewer vulnerabilities being introduced into code in the first place.
Checkmarx is deployed on Project Hosts’ Federal Private Cloud (FPC) Platform-as-a-Service (PaaS). Project Hosts’ FPC is built on Microsoft Azure Government and saves organizations a significant amount of time and money, enabling them to obtain FedRAMP compliance in as little as two months.
The FPC from Project Hosts is a General Support System (GSS) composed of services that manage access control, authentication, auditing, monitoring, scanning, patching, configuration, management, malware prevention, intrusion prevention, incident response, backup, and disaster recovery for SaaS solutions.