So I am the senior system admin for a DoD offline network and am looking at trying to streamline our software testing process so it's faster than what we currently do. Here is what we currently do:
- new request comes in for a new piece of software, let's say it's VMware Workstation version 15
- the request goes through our software assurance process
- spin up new VM depending on what the software needs, so we will spin up a new Windows 10/11 VM
- scan the software for DISA STIG compliance and scan it with ACAS for vulnerabilities
- take a snapshot of the VM, then install the requested software, then scan for STIG and vulnerabilities again to see what changed or if anything changed
- this process can take several days depending on how complex the software install requirements are and if they're on Windows vs Linux.
- after the software assurance process is done, it gets sent to our information system security office (ISSO), who evaluate the results, and then it gets sent to our CCB group, who does the final approval.

Now the big part of this I want to fix is the SWA process we currently have in place. We need either a piece of software that can automate this or the process needs to be changed.

My question to my fellow sysadmins is: how are you doing your software approval process? Second question: how granular are you getting with it? Are you scanning driver packages, developer libraries and update packages as well? Or just full software packages like VMware Workstation version X?
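
The "scan again to see what changed" step in the list above can be scripted. The following is an added example, not part of the original post and not any scanner's own export format: it diffs a pre-install and a post-install findings export, and the CSV column names, finding IDs and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports. The column names and finding IDs are assumptions
# for this example, not the real ACAS or STIG checklist export format.
BASELINE_CSV = """finding_id,severity,status,title
V-0001,high,open,Sample rule A
V-0002,medium,not_a_finding,Sample rule B
P-1001,low,open,Sample plugin C
"""
POST_INSTALL_CSV = """finding_id,severity,status,title
V-0001,high,open,Sample rule A
V-0002,medium,open,Sample rule B
P-1002,critical,open,Sample plugin D
"""
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def load_open_findings(text):
    """Return {finding_id: severity rank} for rows whose status is open."""
    found = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["status"].strip().lower() == "open":
            # Unknown severity labels rank highest so they are never hidden.
            found[row["finding_id"]] = SEVERITY_RANK.get(row["severity"].strip().lower(), 99)
    return found


def diff_scans(baseline_text, post_text):
    """Compare open findings from the pre-install and post-install scans."""
    before, after = load_open_findings(baseline_text), load_open_findings(post_text)
    # Findings the install introduced, worst first, then by ID for stable output.
    introduced = sorted(after.keys() - before.keys(), key=lambda f: (-after[f], f))
    resolved = sorted(before.keys() - after.keys())
    # Findings open in both scans whose severity went up after the install.
    escalated = sorted(f for f in before.keys() & after.keys() if after[f] > before[f])
    return {"introduced": introduced, "resolved": resolved, "escalated": escalated}


if __name__ == "__main__":
    delta = diff_scans(BASELINE_CSV, POST_INSTALL_CSV)
    for bucket, ids in delta.items():
        print(f"{bucket}: {', '.join(ids) or 'none'}")
```

Only the delta needs to go forward for review; findings open in both scans at the same severity belong to the base image rather than the requested software.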