U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST Publishes SP 800-204C, Implementation of DevSecOps for a Microservices-based Application with Service Mesh
March 08, 2022

NIST Special Publication (SP) 800-204C, Implementation of DevSecOps for a Microservices-based Application with Service Mesh, is now available.

The newest generation of software applications – cloud-native applications – has evolved into a standardized architecture of loosely coupled components called microservices that are supported by an infrastructure for providing application services (e.g., service mesh). In this architecture, the entire set of source code involved in the application environment can be divided into five code types: 1) application code, 2) application services code, 3) infrastructure as code, 4) policy as code, 5) and observability as code. The unique architecture of this application class requires a more agile software life cycle paradigm, and DevSecOps (development, security, and operations) offers faster deployment and updates while integrating security throughout the life cycle.

NIST SP 800-204C provides guidance for the implementation of DevSecOps primitives for a reference platform hosting a cloud-native application with the code types listed above. The guidance also discusses the benefits of this approach for high security assurance and enabling continuous authority to operate (C-ATO).

Created March 08, 2022