Code Dx Enterprise Selected by the Joint Federated Assurance Center to Secure DoD Software

JFAC is a federation of DoD organizations that have a shared interest in promoting software and hardware assurance in defense programs, systems, and supporting activities. The JFAC member organizations and their technical service providers work with defense acquisition program offices and other interested parties to provide software and hardware assurance expertise and support, to include vulnerability assessment, detection, analysis, and remediation services, and information about emerging threats and capabilities, software and hardware assessment tools and services, and best practices.

A key part of the JFAC mission is to disseminate to members technologies that will help assure the security of software in DoD systems, including weapons systems. To that end, JFAC selected Code Dx Enterprise for member agencies to use to automatically correlate the results of multiple application security testing (AST) tools, prioritize vulnerabilities, and manage the remediation process.

Code Dx Enterprise automates many of the manpower-intensive activities needed to run AST tools, consolidates the results, and prioritizes the reported vulnerabilities based on industry and regulatory standards. It also identifies security weaknesses in the codebase that jeopardize the software’s compliance with a dozen regulations or standards, including DISA STIG (Defense Information Systems Agency Security Technical Implementation Guides) versions 3.1 and 4.3 and NIST (National Institute of Standards and Technology) 800-53. Any lines of code that violate these regulations or standards are flagged, and the exact nature of the violation is shown, along with ways to make the code compliant, eliminating the need for the user to read through the regulations and allowing them to spend more time on the quality and security of the application.

