Checkmarx Named a Leader in The Forrester Wave: SAST
Public Sector
Checkmarx Public Sector brings enterprise-grade
application security testing to developers in Agile and
DevOps environments supporting federal, state, and
local missions.
Source Code Scanning Tools
FirstNet expects that “certified public safety apps” listed on the App Catalog have gone through rigorous quality controls. Developers must demonstrate they have taken the proper steps to ensure application security using the Checkmarx platform.
Accelerate Your Delivery of Secure Software
Our integrated platform allows developers to identify and resolve security issues at the
earliest possible point in the development process.
Public Sector Agency Solutions
- Meet compliance requirements for FISMA, NIST, STIG and others
- Decrease time to ATO and improving POA&M efficiency
- Integrate security testing into DevOps, Agile and CI/CD environments
- Train developers to code securely
- Checkmarx has a Certificate of Networthiness (CoN) from the U.S. Army, ID 38392
Federal-Grade Application Security Testing
Checkmarx’s software security testing platform is unique in the public sector. No other federal-grade platform addresses core issues with a single easy-to-deploy-and-use solution.
Federal Compliance Mandates
Checkmarx’s automated approach shifts more of your security effort to the left – driving down costs and accelerating time to market. Even better, it also simplifies your ability to document security compliance.
Our easy-to-follow test reports show where your application isn’t meeting a specific standard. Your post-fix report positively documents your compliance. And these reports support all three of these key standards:
Federal Information Security Management Act (FISMA)
NIST 800.53 and the Risk Management Framework (RMF), which are used by all federal agencies and their contractors
DISA’s Security Technical Implementation Guideline (STIG), which establishes the assessment criteria used by DoD organizations before issuing an ATO
Integrate Security Testing
Checkmarx’s platform has two key features that make it easier for agencies and
contractors of all sizes to achieve the benefits of DevOps:
The result is a faster path to DevOps, with just a few changes to your test process.
Train Developers to Code Securely
Codebashing helps developers learn and sharpen application security skills in the most efficient way, because it is in-context and available on-demand. Codebashing is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.
A Leader in the Gartner Magic Quadrant for AST 2020
Gartner released the 2020 Magic Quadrant for Application Security Testing, an annual market report which analyzes vendors’ Application Security Testing capabilities. We’re excited to share that Checkmarx has been recognized at the highest level – as a Leader – based on the comprehensiveness of our vision and our ability to execute in the market.
Gartner 2020 Magic Quadrant for Application Security Testing
ATO and POA&M
Checkmarx’s approach is specifically designed to accelerate your time to ATO. Features like our Best Fix Location speeds the POA&M process, so you can keep your promises to program stakeholders and document every step in your compliance.
Contracts
Checkmarx’s platform is available on the IT-security GWACs that most federal pros use and prefer:
US General Services Administration (GSA)
Information Technology (IT) Schedule 70
IT Schedule 70 is the U.S. government’s largest IT procurement vehicle, with more than 7.5 million products and services from over 4,600 pre-vetted vendors. Federal, state, and local agencies can use IT Schedule 70 to shorten procurement cycles by up to 50 percent, ensure FAR compliance, and obtain best value.
NASA Solutions for Enterprise-Wide Procurement (SEWP) V
SEWP offers federal agencies and contractors access to more than 140 pre-competed Prime Contract Holders. SEWP stands out for combining low prices with low surcharges, faster ordering, and continuous tracking. High-level decision makers also get direct access to their agency’s acquisition data, helping support strategic procurement oversight and control.
DoD Joint Service Provider (JSP) Approved Product List (APL)
JSP handles IT procurement for the Office of the Secretary of Defense (OSD), Office of the Deputy Chief Management Officer, and the Washington Headquarters (WHS). The APL is DoD’s official list of equipment that’s permissible to field inside DoD networks, and a requirement for getting an Authorization to Connect (ATC).
Solution Overview
Solution Overview
Download our Solution Overview to discover how Checkmarx has a solution for your application security needs.
Download Solution Overview
Analyst Report
Gartner 2020 Magic Quadrant for Application Security Testing
