Cloud 101CircleEventsBlog
Call for Presentations: Share your expertise at SECtember.ai 2024! Submit your proposals by June 28th.

Download Publication

DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation
DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation

DevSecOps - Pillar 4 Bridging Compliance and Development - Chinese Translation

Release Date: 11/13/2023

Working Group: DevSecOps

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].



Overview

This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.



Backstory

This document continues the DevSecOps Six Pillars series, with a particular focus on how we can automate compliance, and have it better relate to security requirements. Historically compliance requirements have quickly become outdated, as they are managed separately from the code they relate to. Turning those requirements into automated equivalents help keep them relevant as applications and infrastructure evolve.



Keywords, Takeaways

DevSecOps
Security compliance
Compartmentalization
Collective responsibility
Software development
Secure development lifecycle (SDLC)
Continuous assessment
“as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc)
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action
The Six Pillars of DevSecOps: Measure, Monitor,...
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The Six Pillars of DevSecOps - Pragmatic Implementation
The Six Pillars of DevSecOps - Pragmatic Implem...
How a CNAPP Can Take You from Cloud Security Novice to Native in 10 Steps
How a CNAPP Can Take You from Cloud Security Novice to Native in 10...
Published: 06/25/2024
The Human Element in AI-Enhanced SOCs
The Human Element in AI-Enhanced SOCs
Published: 06/10/2024
What is ASPM?
What is ASPM?
Published: 05/28/2024
Mastering Secure DevOps with Six Key Strategies
Mastering Secure DevOps with Six Key Strategies
Published: 05/24/2024
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training