“Earlier this Summer, Centers for Medicare and Medicaid Services CISO Rob Wood shared his strategic goals for the agency’s cybersecurity, which included plans for a “batcave,” and it’s going pretty well.”
“Batcave is the CMS Office of IT’s rising continuous authorization and verification engine. Wood introduced the effort as a way to shift toward building software and embracing the cloud, providing a foundation for faster and user-focused development.”
“’We’re shifting toward the code,’ Wood said at the CMS Cybersecurity Forum last week. ‘It’s an engineering shift. Then ultimately, if we can build it once, run it in most cases everywhere or piecemeal run it, run pieces of it everywhere — then we can maximize control inheritance … taking away most of that prep time, taking away most of that [minimum viable product] build time, so you can focus on building features, building user experiences, building data models, building whatever it is that’s going to solve your problem and add value to your stakeholder.'”
“Wood hopes Batcave can get ideas to production as quickly and securely as possible, encouraging a development culture that embraces DevSecOps, faster problem-solving and reduced complexity.”
“Alongside Batcave, Wood said CMS is also working to make development safer in general. To do this, CMS is investing in better synthetic datasets so that developers can conduct rapid experimentation in a secure fashion…” Read the full article here.
Source: CMS CISO Outlines Goals to Enable Innovation, Security – By Melissa Harris, October 13, 2021. GovernmentCIO.