DevSecOps - Pillar 4 Bridging Compliance and Development
Release Date: 02/08/2022
Working Group: DevSecOps
This document continues the DevSecOps Six Pillars series, with a particular focus on how we can automate compliance and have it better relate to security requirements. Historically, compliance requirements have quickly become outdated, as they are managed separately from the code they relate to. Turning those requirements into automated equivalents helps keep them relevant as applications and infrastructure evolve.
- DevSecOps
- Security compliance
- Compartmentalization
- Collective responsibility
- Software development
- Secure development lifecycle (SDLC)
- Continuous assessment
- “as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc.)
Acknowledgements

Michael Roza
Head of Risk, Audit, Control and Compliance
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Roupe Sahans
DevSecOps Leader
Roupe leads DevSecOps delivery and thought leadership for technology and media clients embracing digital transformation.
Roupe started his DevOps journey in 2016, building containerised microservices on AWS for government platforms. He has since been working with everyone from engineers to C-suite executives to embed security and resilience into digital products, secure cloud services, and reduce cyber technical debt.
Most recently Roupe ha...

Ashleigh Buckingham
This person does not have a biography listed with CSA.
Chris Hughes
Co-Founder and CISO at Aquia
Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of...