U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description

Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps

Date Published: November 2022

Author(s)

Murugiah Souppaya (NIST), Michael Ogata (NIST), Paul Watrobski (NIST), Karen Scarfone (Scarfone Cybersecurity)

Abstract

Keywords

cloud-native technology; cybersecurity supply chain risk management; DevOps; DevSecOps; secure software development; Secure Software Development Framework (SSDF); supply chain security
Control Families

Assessment, Authorization and Monitoring; System and Services Acquisition; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
07/21/22: Project Description (Draft)
11/09/22: Project Description (Final)