The Department of Homeland Security, US Citizenship and Immigration Services has a requirement for Quality, Security, Testing, Automation and Governance (QSTAG).

Quality, Security, Testing, Automation and Governance (QSTAG) services include the assessment and enhancement of conformance to USCIS Agile and Development, Testing, Security and Operations (DevSecOps) practices and Continuous Integration and Continuous Delivery (CI/CD) pipelines. These teams implement security integration and continuous monitoring solutions to secure applications and workloads, ensuring compliance with Zero Trust principles. These teams perform a variety of testing services including end-to-end integration testing, performance testing, interoperability/compatibility testing and test automation. The test teams collaborate with development teams to ensure code is testable as well as to perform early identification of product defects and issues, leveraging automation whenever possible. In the case of Section 508, test review also includes active hands-on testing of applications according to the Department of Homeland Security (DHS) Accessibility and Language Services (A&LS) Division’s protocols and procedures.

The team integrates Robotic Process Automation (RPA) to streamline repetitive tasks and enhance decision-making capabilities within DevSecOps workflows, improving operational efficiency and security, testing and other areas of demand from Office of Information Technology (OIT), and applies Machine Learning (ML) where possible. The technical governance team focuses on lean, smart standardization with complexities made simpler and with better information for data-driven decisions that reduces risk and drives down the cost of independent quality testing, development and operations and maintenance. Teams help the enterprise achieve the goal of Team Managed Deployment (TMD) across the enterprise utilizing sophisticated processes and solutions. The QSTAG contract will purchase information technology services only – i.e., information technology hardware and software are outside the scope of this contract.

• Testing
  • Continue to automate existing product/service-level integration testing (e.g. form-type, business initiative, etc.) across multiple domains, systems and services within the CI/CD pipeline resulting in quick feedback to delivery teams on anomalies, diagnostic and root- cause analysis. Evaluate code to identify technical debt in order to provide early feedback to delivery teams. Product/Service-level testing covers functional, performance, and accessibility (508 Compliance) testing types. Establish sound testing practices that extend to the end-user community both internal and external to the agency through End- User Testing facilitation and/or product demonstration. Efficiently, in automated way wherever possible, verify and validate the Applications and Services are compatible with other components and promote cross-use and continuous functionality within the established DHS and/or USCIS enterprise architecture.
  • Expected outcomes:
    • Test strategy to support products across USCIS
    • Increased product-level quality and observability of systems and services
    • System performance related issues within systems and services are quickly diagnosed
    • Increased improvements in environment design, deployment and database stability, automated provisioning
    • Improved performance testing practices in the CI/CD pipelines
    • Increased efficiency with automated test scripts across programs
    • Increased feedback to engineering teams with continuous monitoring, including technical debt
    • Enablement of automated, self-service quick feedback cycle between end users and delivery teams
    • End-user validation of business value delivered through the product implementation
    • Strengthened trust from end-user community on the quality of product and reliability of data
    • Strategic Agile Compatibility and Interoperability testing approaches that ensure thorough validation within optimal testing timeframes
    • Continuous feedback reporting approach for all anomalies uncovered during testing that provides real-time information and details to the engineering and delivery teams
    • Sustainable and maintainable Agile/DevSecOps delivery and engineering practices with continuous compatibility checks built into the CI/CD pipeline
• RPA and ML Engineering
  • Apply RPA and ML engineering to streamline repetitive tasks and enhance decision-making capabilities within DevSecOps workflows, technical governance processes, testing and/or any other areas of demand resulting in improved operational efficiency across the agency.
  • Expected outcomes:
    • Reduction in cycle times for tasks related to all aspects of DevSecOps
    • Reduction in resources and costs via automation and insights
    • Increased automation coverage in development and testing efforts
    • Improved automation and accuracy to enhance technical governance capabilities
    • Improved data and information visibility
    • Increased ability to make meaningful decisions faster with improved data driven decision making
    • Application of cutting-edge machine learning (ML) technology for monitoring and producing meaningful reports
• DevSecOps Teams
  • Engineering
    • Establish best practices in DevSecOps that disseminates data, fosters collaboration, and promotes mature ideas and solutions within the organization. Provide a collection of IT DevSecOps engineering services for the USCIS OIT programs in order to facilitate Agile and DevSecOps best practices and forward-thinking solutions.
    • Expected outcomes:
      • Establishment of agency wide DevSecOps best practices, principles, and guidelines supporting Agile and DevOps practices
      • Improvement of services (e.g., CI/CD pipelines, integration points, environments, infrastructure, 3rd party services), agile techniques, practices and processes
      • Maintainable, scalable, operable, high-performing, and continuously improving architecture, platform, and framework designs/reference implementations
      • Better utilization of USCIS produced enterprise tools such as USCIS Backstage, Container Compliance Dashboard (CCD), Enterprise Ready Deployment Services (ERDS), Common Microservices Initializer (CMI), etc.
      • Reduced duplication of effort and increase adoption leveraging existing solutions
      • Simplified, decomposed, decoupled and refactored applications for high scalability and faster deployments (e.g. serverless, microservices, containers, pipelines, etc.)
      • Reduced dependencies upon proprietary software and achieve technology agnostic-state
      • Elevated observability of systems via continuous research, incubation and experiment of new and emerging tools and technologies
      • Measurable improvements in infrastructure automation through standard reusable environment configurations, pipelines, and deployment orchestration
• Application Security
  • Identify threats and measure potential vulnerabilities in systems, applications and services in a highly integrated environment comprised of various tools, technology and CI/CD pipelines.
  • Expected outcomes:
    • Integrated and standard security, controls and gates within CI/CD pipelines across the enterprise
    • Securely deployed applications meet Zero Trust goals in Applications and Workloads realm
    • Reduced vulnerability and improved security posture across the enterprise
    • Automated security testing and continuous scanning across all applications, systems, environments, services and dependencies
    • Integrated security standards that ensure common practices and compliance are implemented
    • Improved Applications and Workloads security posture across the enterprise
• Technical Governance Teams
  • Team Managed Deployment
    • Continued delivery of software applications and services through Team Managed Deployment (TMD), which is a strategic process that results in enhanced efficiency, speed, and security by integrating best practices to enable faster, high-quality software deployments while reducing rollbacks, enhancing compliance, cutting costs, and eliminating redundancy across the USCIS enterprise. It also streamlines horizontal delivery and prepares teams for approval to deploy without multiple manual reviews, ensuring seamless, secure deployments that support the administration’s immigration efforts.
    • Expected outcomes:
      • Increased Efficiency via faster, automated deployments across the agency to reduce time to make applications available for end users
      • Enhanced Security and Compliance via integrated checks that lower risks and ensure regulatory adherence
      • Improved Quality via consistent processes that lead to reliable, high-quality releases across the enterprise
      • Improved Horizontal Delivery, cross-team collaboration for scalable, efficient solutions
  • Performance Metric Reporting
    • Provide automated performance metrics and reporting that support data-driven decision making and corroboration for quality, delivery and testing of systems/applications agency wide.
    • Expected outcomes:
      • Increased visibility and transparency of products and portfolios in accordance with USCIS policies
      • Improved and automated feedback loops for continuous improvement
      • Automated governance and standardization of engineering and delivery practices
  • Section 508 Testing
    • Subject matter expertise delivered by certified DHS Trusted Testers (TTv4 or TTv5+) who are expected stay current with latest standards, training and certification and are responsible for reviewing, assessing, and documenting accessibility compliance/noncompliance across agency Information and Communication Technology (ICT) – specifically focused on operating systems for PCs and Macbooks – in support of the USCIS Section 508 Coordinator. Supporting activities take place across several parts of the Quality Assurance process & SELC. Reports of noncompliance result in fixes within structured timelines that improve the agency’s required accessibility stance.
    • Expected outcomes:
      • Discovery and reporting of USCIS system compliance and noncompliance with federal, DHS and USCIS Section 508 policies, standards and procedures • Recommendations and actions implementing and supporting continual improvement of USCIS Section 508 compliance
      • Automated functional accessibility testing
      • Expert consultation and education for development teams and testers to improve their knowledge on Section 508 standards and best practices, guidance, DHS approved 508 automation tools and accessibility tools, etc.
      • Provide independent review for Section 508 sample testing for both audit and consults
      • Section 508 testing for other projects as designated
      • Program monitoring, metrics and status Utilize and improve on existing reporting tool(s) created for Section 508 audits
• Program Management
  • Provide program management activities needed to support this task order. The Contractor will be responsible for resource allocation/assignments, scheduling and status reporting and tracking costs by release.
  • Expected outcomes:
    • Increased transparency within government-contractor team
    • Increased and timely communication and reporting across team
    • Produce streamlined, cost effective and efficient solutions, and evolving staffing mixes throughout the contract
• Verification System Testing
  • Provide functional, performance, interoperability and accessibility (508 Compliance) testing for Verification System to support user acceptance/end user testing, and execution of additional testing during development lifecycles for services/systems supporting the Verification program. Automate Verification Program product integration testing within the CI/CD pipeline to enable a quick feedback mechanism for delivery teams on anomalies, diagnostic and root-cause analysis. Evaluate code to identify technical debt in order to provide early feedback to delivery teams.
  • Expected outcomes:
    • Test strategy to support product driven design
    • Increased product quality
    • Increased observability of Verification system and services
    • Performance issues within system and services are quickly diagnosed
    • Increased improvements in environment design, deployment and database stability, automated provisioning
    • Support improvements in network design and latency
    • Improved performance testing practices in the CI/CD pipelines
    • Increased improvements with automated test reports
    • Improved code quality and coverage by moving the quality and security to automated tools
    • Increased feedback to engineering teams with continuous monitoring to include technical debt
    • Improved efficiency via continuously refined automated review processes
    • Enablement of automated, self-service quick feedback cycle between end users and delivery teams
    • End-user validation of business value delivered through the product implementation
    • Strengthened trust from end-user community on the quality of product and reliability of data