Chuck Norris gets his ATO fast because paper works for him. But the rest of us need automated compliance tools to escape the time-sucking, traditional audit process. This Ignite talk pairs Chuck Norris IT facts with cool new tools for DevOps-compatible, high-velocity compliance, including OpenControl, ComplianceMasonry, InSpec, GovReady, OpenSCAP, and SecureCI.
As one of the first Chief Data Officers in the federal government, Greg Elin routinely encountered the manually intensive nature of FISMA compliance and the NIST Risk Management Framework as the primary constraint on data innovation during his tenure at the Federal Communications Commission. Blown away by the magic of managing virtual environments with Vagrant, he saw DevOps as a magical opportunity to improve compliance while actually making systems more secure. Mr. Elin is now CEO of GovReady PBC, which the Department of Homeland Security Science and Technology Directorate recently awarded a two-year contract to build an open source expert system for FISMA.