The United States federal government, much like in industry, is moving toward cloud adoption, Devsecops and microservices-based architectures for cloud-native applications. The National Institute of Standards of Technology (NIST) is tasked with promoting innovation and providing standards and guidance to industry to facilitate best practices.
[ Learn the 7 most common ways to fail at devsecops. | Get the latest from CSO by signing up for our newsletters. ]
In that vein, NIST released in late September Implementation of devsecops for a Microservices-based Application with Service Mesh (800-204C), which provides comprehensive guidance for implementation of devsecops and using reference platforms to host cloud-native applications in a microservices architecture using a service mesh. The document, currently in draft form, was created in collaboration with former US Air Force Chief Software Officer Nicholas Challain and individuals from service mesh leader Tetrate.
The guidance uses the concepts of primitives, which can be thought of as building blocks for successful devsecops implementations, as they relate to devsecops. It makes the case that devsecops primitives are best suited for microservices-based applications that allow agile development. It also supports the notion that devsecops facilitates the business agility requirements demanded by cloud-native applications.
Here’s an analysis of what’s in each section of the NIST guidance.
To continue reading this article register now
Learn More   Existing Users Sign In
Copyright © 2021 IDG Communications, Inc.


You May Also Like

Key takeaways from CSA’s SaaS Governance Best Practices guide

SaaS governance and security is gaining attention among IT and security leaders.…

Qualys adds external attack management capability to cloud security platform

Cloud security and compliance software company Qualys on Wednesday announced it is…