U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NCCoE Releases Draft Project Description for DevSecOps
July 21, 2022

The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps. Publication of this project description begins a process to solicit public comments for the project requirements, scope, and hardware and software components for use in a laboratory environment.

We want your feedback on this draft to help refine the project. The comment period is now open and will close on August 22, 2022.

The project will focus initially on developing and documenting an applied risk-based approach and recommendations for secure DevOps and software supply chain practices consistent with the Secure Software Development Framework (SSDF), Cybersecurity Supply Chain Risk Management (C-SCRM), and other NIST, government, and industry guidance. This project will apply these practices in proof-of-concept use case scenarios that are each specific to a technology, programming language, and industry sector. Both commercial and open source technology will be used to demonstrate the use cases. This project will result in a freely available NIST Cybersecurity Practice Guide.

We Want to Hear from You!

Review the project description and submit comments online on or before August 22, 2022. You can also help shape and contribute to this project by joining the NCCoE’s DevSecOps Community of Interest. Send an email to devsecops-nist@nist.gov detailing your interest.

We value and welcome your input and look forward to your comments.

Related Topics

Security and Privacy: cybersecurity supply chain risk management

Technologies: cloud & virtualization, software & firmware

Created July 21, 2022