Hi All,
NIST just published for comment NIST SP 800-204C, Implementation of DevSecOps for a Microservices-based Application with Service Mesh.
The newest generation of software applications, "cloud-native applications," is a class with various functional layers, such as transaction logic, application services, infrastructure resources, policy enforcement, and monitoring of states. The unique architecture of this application class requires a more agile software life cycle paradigm, and DevSecOps (development, security, and operations) offers faster deployment and updates while integrating security throughout the life cycle.
Draft NIST SP 800-204C provides guidance for the implementation of DevSecOps primitives for a reference platform hosting a cloud-native application with the functional layers described above. The guidance also discusses the benefits of this approach for high security assurance and enabling continuous authority to operate (C-ATO).
A public comment period for this document ends on November 1, 2021. See the publication details for a copy of the document and instructions for submitting comments.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------