Developer Security Testing and Evaluation
System and Services Acquisition Policy for 18F
unit and integration
The security assessment plan is created by the FedRAMP Accredited Third Party Assessment Organization (3PAO). It will be used for annual assessments conducted by the 3PAO for continuous monitoring of cloud.gov.
cloud.gov performs unit and integration testing on the system on each deployment.
Testing is done automatically and tracked using tools like Nessus, OWASP and Concourse.
Flaws are remediated by implementing changes to the configuration in configuration management, then redeploying and testing.
Flaws are identified by automated tools and false positives are marked as such.