Curated frameworks, publications, guidance, and standards relevant to DoWIN-aligned DevSecOps, RMF authorization, and DoW capability delivery. These are the authoritative sources that inform how ClearSpring and the Capability Factory are built and operated.
The DoW's overarching strategy for implementing zero trust architecture across all DoW information systems and networks. Defines the seven pillars and target-level activities.
NIST SP 800-37 Rev. 2 — the foundational framework for managing security and privacy risk across federal information systems. Defines the six-step RMF lifecycle used across DoW.
Defines the enterprise cybersecurity architecture for DoW information systems. Covers identity, access management, network segmentation, and endpoint security aligned to zero trust.
The DoW's flexible acquisition framework with six pathways. The Software Acquisition Pathway (SWP) is directly relevant to DevSecOps-enabled capability delivery inside environments like the DCF.
The Joint Capabilities Integration and Development System manual. Defines the requirements process that drives capability development — the upstream input to the Capability Factory intake process.
DISA's authoritative guidance on DevSecOps implementation for DoW programs. Covers pipelines, container hardening, CI/CD security, and integration with the RMF authorization process.
Reference architecture for DoW DevSecOps implementations. Defines the hardened container platform, CI/CD pipeline, and security toolchain that ClearSpring is built to align with.
The DoW's strategy for modernizing software development and delivery. Emphasizes continuous delivery, software factories, and the shift from program-centric to product-centric delivery models.
Guidance on implementing Continuous Authorization to Operate (cATO) for DoW programs. Defines the technical and process requirements for maintaining an ongoing authorization posture.
The authoritative source for DISA STIGs — configuration standards for DoW IT systems. ClearSpring's pre-validated controls are built against these baselines across every stack layer.
Enterprise Mission Assurance Support Service — the DoW's system of record for RMF. Understanding eMASS workflows is essential for any program pursuing ATO inside the DoWIN.
DISA's vulnerability scanning solution required across DoW networks. ClearSpring integrates ACAS natively — continuous scanning is a byproduct of the engineering process, not a separate step.
Security requirements for cloud services used within DoW. Defines the impact levels (IL2–IL6) and authorization requirements relevant to capability deployment inside DoWIN-aligned environments.
Security and Privacy Controls for Information Systems and Organizations. The control catalog underlying RMF — ClearSpring's pre-validated controls map directly to these families.
Application Container Security Guide. Defines security considerations for container images, registries, orchestration, and runtime — directly applicable to ClearSpring's Platform Layer.
Federal Information Security Modernization Act implementation resources. Covers the full suite of FISMA-related NIST publications that define the compliance baseline for federal systems.
ClearSpring and the DISA Capability Factory are not commercial tools adapted for DoW. They were designed from the ground up against these frameworks — the STIGs, the RMF control catalog, the DevSecOps reference design, and the zero trust architecture. Every resource listed here has a direct implementation counterpart in how we build and operate.
DISA STIGs are pre-configured at every ClearSpring layer. Teams inherit compliant baselines — no manual STIG application required.
ClearSpring generates RMF artifacts and eMASS-ready evidence as a byproduct of engineering operations. The ACCIDENT framework automates this continuously.
The DoW Enterprise DevSecOps Reference Design is the architectural blueprint for ClearSpring's Pipeline Layer — hardened CI/CD with integrated SAST, DAST, and container scanning.