Findings and Core Practices in the Domain of CI/CD and DevOps on Security Compliance
Strategic Approaches to Digital Platform Security Assurance, 2021
Abstract
In this chapter, the authors describe the findings and conclusions on “The SecDevOps Capability Artifact.” The artifact is validated by means of an extensive academic literature review and interviews with multiple domain experts and practitioners. An additional validation was performed by comparing the findings of this study with the high-level implementation and operational guidance of the DoD Enterprise DevSecOps Reference Design report. The purpose of that report is to describe the DevSecOps lifecycle and supporting pillars, in line with the NIST Cybersecurity Framework, which is a high-level framework building upon specific controls and processes defined by NIST SP 800-53, COBIT 5, and the ISO 27000 series. The chapter concludes with a pragmatic set of core practices that academics and practitioners can use to ensure security compliance in CI/CD pipelines, which ultimately enables teams to work in an agile way on digital platforms.
Yuri Bobbert hasn't uploaded this paper.