Download Publication
DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation
Release Date: 11/13/2023
Working Group: DevSecOps
This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].
Overview
This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.
Backstory
This document continues the DevSecOps Six Pillars series, with a particular focus on how we can automate compliance, and have it better relate to security requirements. Historically compliance requirements have quickly become outdated, as they are managed separately from the code they relate to. Turning those requirements into automated equivalents help keep them relevant as applications and infrastructure evolve.
Keywords, Takeaways
DevSecOps
Security compliance
Compartmentalization
Collective responsibility
Software development
Secure development lifecycle (SDLC)
Continuous assessment
“as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc)
Overview
This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.
Backstory
This document continues the DevSecOps Six Pillars series, with a particular focus on how we can automate compliance, and have it better relate to security requirements. Historically compliance requirements have quickly become outdated, as they are managed separately from the code they relate to. Turning those requirements into automated equivalents help keep them relevant as applications and infrastructure evolve.
Keywords, Takeaways
DevSecOps
Security compliance
Compartmentalization
Collective responsibility
Software development
Secure development lifecycle (SDLC)
Continuous assessment
“as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc)
Download this Resource
Prefer to access this resource without an account? Download it now.
Are you a research volunteer? Request to have your profile displayed on the website here.
Interested in helping develop research with CSA?
Related Certificates & Training
CSA's Cloud Infrastructure Security training provides a high-level introduction to the most critical cloud security topics through virtual self-paced courses. Each Cloud Infrastructure Security training focuses on a specific area of cloud computing, and is design to be succinct, taking one-hour to complete.
Learn more