DevSecOps - Pillar 4 Bridging Compliance and Development
Release Date: 02/08/2022
Working Group: DevSecOps
Overview
This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be embedded, automated, measured, and tested in a transparent and easily understood way.
Backstory
This document continues the DevSecOps Six Pillars series, with a particular focus on how compliance can be automated and related more closely to security requirements. Historically, compliance requirements have quickly become outdated because they are managed separately from the code they relate to. Turning those requirements into automated equivalents helps keep them relevant as applications and infrastructure evolve.
Keywords, Takeaways
- DevSecOps
- Security compliance
- Compartmentalization
- Collective responsibility
- Software development
- Secure development lifecycle (SDLC)
- Continuous assessment
- “as-Code” model (Infrastructure-as-Code, Compliance-as-Code, Policy-as-Code, etc.)
Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional
Since 2012, Michael has contributed to over 75 CSA projects completed by CSA's Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, Software-Defined Perimeter, Applications, Containers, and Microservices, and other working groups. In 2020, he also served as co-chair of CSA's Enterprise Architecture and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, S...