Introducing Checkmarx Software Composition Analysis (CxSCA)
Checkmarx Public Sector brings enterprise-grade application security testing to developers in Agile and DevOps environments supporting federal, state, and
FirstNet expects that “certified public safety apps” listed on the App Catalog have gone through rigorous quality controls. Developers must demonstrate they have taken the proper steps to ensure application security using the Checkmarx platform.
Our integrated platform allows developers to identify and resolve security issues at the earliest possible point in the development process.
Checkmarx’s software security testing platform is unique in the public sector. No other federal-grade platform addresses core issues with a single easy-to-deploy-and-use solution.
Checkmarx’s automated approach shifts more of your security effort to the left – driving down costs and accelerating time to market. Even better, it also simplifies your ability to document security compliance.
Our easy-to-follow test reports show where your application isn’t meeting a specific standard. Your post-fix report positively documents your compliance. And these reports support all three of these key standards:
Federal Information Security Management Act (FISMA)
NIST 800-53 and the Risk Management Framework (RMF), which are used by all federal agencies and their contractors
DISA’s Security Technical Implementation Guideline (STIG), which establishes the assessment criteria used by DoD organizations before issuing an ATO
Codebashing helps developers learn and sharpen application security skills in the most efficient way, because it is in-context and available on-demand. Codebashing is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.
Gartner released the 2020 Magic Quadrant for Application Security Testing, an annual market report which analyzes vendors’ Application Security Testing capabilities. We’re excited to share that Checkmarx has been recognized at the highest level – as a Leader – based on the comprehensiveness of our vision and our ability to execute in the market.
Gartner 2020 Magic Quadrant for Application Security Testing
Checkmarx’s approach is specifically designed to accelerate your time to ATO. Features like our Best Fix Location speed the POA&M process, so you can keep your promises to program stakeholders and document every step in your compliance.
Checkmarx’s platform is available on the IT-security GWACs that most federal pros use and prefer:
IT Schedule 70 is the U.S. government’s largest IT procurement vehicle, with more than 7.5 million products and services from over 4,600 pre-vetted vendors. Federal, state, and local agencies can use IT Schedule 70 to shorten procurement cycles by up to 50 percent, ensure FAR compliance, and obtain best value.
SEWP offers federal agencies and contractors access to more than 140 pre-competed Prime Contract Holders. SEWP stands out for combining low prices with low surcharges, faster ordering, and continuous tracking. High-level decision makers also get direct access to their agency’s acquisition data, helping support strategic procurement oversight and control.
JSP handles IT procurement for the Office of the Secretary of Defense (OSD), Office of the Deputy Chief Management Officer, and the Washington Headquarters (WHS). The APL is DoD’s official list of equipment that’s permissible to field inside DoD networks, and a requirement for getting an Authorization to Connect (ATC).
Gartner Critical Capabilities for Application Security Testing