DevSecOps solution

RevaComm to Provide CMS DevSecOps Platform-as-a-Service Under $390M SBIR Contract

The Centers for Medicare & Medicaid Services has tapped RevaComm, a small business headquartered in Honolulu, Hawaii, to deploy a platform-as-a-service DevSecOps solution to facilitate the development, testing and delivery of secure software applications across the agency.

Work will be performed under the terms of a $390 million Phase III Small Business Innovation Research indefinite-delivery/indefinite-quantity contract.

The deployed solution is expected to help CMS identify weaknesses in applications before they are released into production environments, significantly minimizing security risks, RevaComm said.

CMS software developers can benefit from a streamlined process of checking code compliance with security requirements while end users could see reduced downtime resulting from security issues.

The IDIQ contract supports the CMS’ Continuous Automation and Verification Engine initiative. BATcave is modeled after the U.S. Air Force’s Platform One, with the hopes of decreasing the time-to-value for software developers to get something from ideation to production faster, CMC Chief Information Security Officer Robert Wood said in a podcast hosted by GovernmentCIO Media & Research.

Wood noted that BATcave could help decrease time spent in audits and reduce fear around making changes to production code to incentivize more change to security.

“We’re trying to take a more unified and user-friendly approach to software development across the board,” Wood added.