D2S application assurance process

D2S operates under Continuous Authority to Operate (CAtO). It’s JSP 604 approvals are continuously assessed and not subject to periodic approvals. D2S works under a continuous security and risk management strategy. Security stakeholders have greater visibility over the platform performance.

D2S can independently assure applications for deployment as instead of teams engaging with the JSP 604/JSP 440 process themselves. This means that you do not usually need to manage multiple security teams and satisfy various policies whilst deploying on D2S.

Once onboarded to the D2S//Platform, you can:

  • immediately start building applications in the D2S development/test environment
  • benefit from pre-assured tooling and environments
  • rapidly deploy to production and maintain a continuous security relationship with one team
  • assure Defence applications in less than 4 weeks, with urgent cases in less than 5 days

Applications at greater risk

Where applications hold greater risk, D2S may refer to JSP 604 or CyDR (opens in new tab) for guidance and assurance. You may be asked to liaise with JSP 604 Rule Owners before deployment.

You can learn more about the D2S security assurance process by contacting the D2S team. You can also find this information in the D2S user guidance (opens in new tab) once you have received access to the D2S//Platform.