White Paper: DevSecOps Maturity Model for Federal Government Agencies

The DevSecOps Maturity Model, developed by the Advanced Technology Academic Research Center’s (ATARC) DevSecOps working group, is a comprehensive framework designed to assess and improve DevSecOps practices within federal government agencies. This model addresses the unique challenges and requirements of federal Information Technology (IT), including stringent security regulations, complex procurement processes, and the need for interoperability across agencies.

The model evaluates six key dimensions, each containing 25 questions scored on a scale of 1-5. These scores are aggregated to provide an overall score for each dimension, visualized on a bar chart to offer a clear representation of an agency’s DevSecOps maturity across all areas.