Checkmarx for the
US Public Sector
Federal, state, and local government agencies and education institutions increase security, streamline their DevSecOps methodologies, meet deadlines and compliance, and accelerate ATO with our developer-centric unified application security platform.
Civilian, DoD, and Intelligence agencies uphold compliance requirements while strengthening their software security posture throughout the SDLC to mitigate cyber supply chain risks. Federal customers leverage a unified platform to scan early and often in both legacy and next-gen cloud-native application development tools.
State, Local & Higher Education (SLED)
Checkmarx’s FirstNet-certified public safety app is an industry-leading AppSec solution enabling organizations to consolidate and optimize DevSecOps. Quickly deliver secure digital services to constituents, manage cybersecurity risks, and develop scalable cloud strategies for modern application development, all while working within budget constraints.
Application Security Solutions for the Public Sector
From a single pane of glass, shift security left as far as possible to save time-to-production while securing applications against ever-evolving threats. Enhance best-in-class source code security analysis (CxSAST) with just-in-time developer secure coding education (CxCodebashing), and extend security up the tech stack with CxIAST for continuous run-time testing and KICS (Keeping Infrastructure-as-Code Secure), as the public sector increasingly transitions to the cloud with modern application development.
FISMA, NIST, STIG
Simplify your ability to document security compliance with our easy-to-follow test reports that show you exactly where your applications don’t meet standards. Your post-fix report positively documents your compliance.
Integrations that Bring Security into Your DevOps
See how Checkmarx works with your tech stack.
Discover Articles & Videos by Checkmarx’s Team of Public Sector Experts
Checkmarx security solutions are available on the IT-security GWACs that most federal professionals use and prefer:
US General Services Administration (GSA) Information Technology (IT) Schedule 70
IT Schedule 70 is the U.S. government’s largest IT procurement vehicle, covering more than 7.5 million products and services from over 4,600 pre-vetted vendors. Federal, state, and local agencies can use IT Schedule 70 to shorten procurement cycles by up to 50 percent, ensure FAR compliance, and obtain best value.
DoD Joint Service Provider (JSP) Approved Product List (APL)
JSP handles IT procurement for the Office of the Secretary of Defense (OSD), Office of the Deputy Chief Management Officer, and the Washington Headquarters (WHS). The APL is DoD’s official list of equipment that’s permissible to field inside DoD networks, and a requirement for getting an Authorization to Connect (ATC).
NASA Solutions for Enterprise-Wide Procurement (SEWP) V
SEWP offers federal agencies and contractors access to more than 140 pre-competed Prime Contract Holders. SEWP stands out for combining low prices with low surcharges, faster ordering, and continuous tracking. High-level decision makers also get direct access to their agency’s acquisition data, helping support strategic procurement oversight and control.
Download our solution overview to learn more about the Checkmarx tools for your application security needs.
See What People Are Saying
"Checkmarx combines an effective and robust product with friendly, knowledgeable, and responsive people to simply and cleanly address the very challenging tasks of identifying and fixing security vulnerabilities in computer software."
My experience with Checkmarx on-premise has been excellent. I find it easy to use and good for integration with other Continuous Integration solutions. Checkmarx provides a robust static code analysis capability that reduces time to fix by quickly identifying best fix locations within the code."
“Checkmarx provides an easy to use platform that integrates DevSecOps tools in CI/CD with a robust training simulation. The platform is easy to use, and very useful. Compared to many other products, it does not require customization or special client infrastructure.”
See How Simple Security and Compliance Can Be
Talk to us today to quickly improve your application security testing, coverage, training, and governance.