Cloud 101CircleEventsBlog
Take the Understanding Data Risk Survey to help shape the future of data security!

Download Publication

DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation
DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation

DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation

Release Date: 11/13/2023

Working Group: DevSecOps

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].



Overview

This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.



Backstory

This document continues the DevSecOps Six Pillars series, with a particular focus on how we can automate compliance, and have it better relate to security requirements. Historically compliance requirements have quickly become outdated, as they are managed separately from the code they relate to. Turning those requirements into automated equivalents help keep them relevant as applications and infrastructure evolve.



Keywords, Takeaways

DevSecOps
Security compliance
Compartmentalization
Collective responsibility
Software development
Secure development lifecycle (SDLC)
Continuous assessment
“as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc)
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action
The Six Pillars of DevSecOps: Measure, Monitor,...
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The Six Pillars of DevSecOps - Pragmatic Implementation
The Six Pillars of DevSecOps - Pragmatic Implem...
Six Key Use Cases for Continuous Controls Monitoring
Six Key Use Cases for Continuous Controls Monitoring
Published: 10/23/2024
Rowing the Same Direction: 6 Tips for Stronger IT and Security Collaboration
Rowing the Same Direction: 6 Tips for Stronger IT and Security Coll...
Published: 10/16/2024
Secure by Design: Implementing Zero Trust Principles in Cloud-Native Architectures
Secure by Design: Implementing Zero Trust Principles in Cloud-Nativ...
Published: 10/03/2024
Elevating Application Security Beyond “AppSec in a Box”
Elevating Application Security Beyond “AppSec in a Box”
Published: 10/02/2024
Smart SOC 2: Automating Compliance with Drata and AWS
Smart SOC 2: Automating Compliance with Drata and AWS
November 12 | Online
6 Key Requirements to Multicloud Security
6 Key Requirements to Multicloud Security
November 13 | Online
Cloud Security Reimagined: Bridging the Cloud – DevSecOps - Applica...
December 4 | Online
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training