Planned Key Components:
- Will provide a notional reference model for implementing DevSecOps practices
- Intends to emphasize zero trust security architecture integration
- Plans to offer practical methodology for organizations seeking to enhance their software security posture
- Being developed by NIST's National Cybersecurity Center of Excellence as part of their ongoing cybersecurity initiatives

Target Audience: IT professionals, security teams, software developers, and organizational leadership responsible for secure software development practices.

Expected Outcomes: The final document aims to outline actionable steps for organizations to begin implementing or improving their DevSecOps capabilities. It may become a helpful resource both for beginners and for those looking to mature their existing practices. It is tied to other initiatives stemming from executive orders (EOs) and has some industry momentum that might not be apparent. It's a rising frustration that I think will see more attention over the next year.