DevSecOps - Pillar 4 Bridging Compliance and Development

Release Date: 02/08/2022

Working Group: DevSecOps

Overview
This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.

Backstory
This document continues the DevSecOps Six Pillars series, with a particular focus on how compliance can be automated and tied more closely to security requirements. Historically, compliance requirements have quickly become outdated because they are managed separately from the code they relate to. Turning those requirements into automated equivalents helps keep them relevant as applications and infrastructure evolve.

Keywords, Takeaways
  • DevSecOps
  • Security compliance
  • Compartmentalization
  • Collective responsibility
  • Software development
  • Secure development lifecycle (SDLC)
  • Continuous assessment
  • “as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc.)


Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Key M...


Roupe Sahans

This person does not have a biography listed with CSA.

Ashleigh Buckingham

This person does not have a biography listed with CSA.

Chris Hughes
Co-Founder and CISO at Aquia

Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of...

