Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

DevSecOps

Project Links

Overview News & Updates Events Publications

Publications

The following NIST-authored publications are directly related to this project.

Series & Number	Title	Status	Released
Project Description	Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps	Final	11/09/2022
Project Description	Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps	Withdrawn	07/21/2022
SP 800-207	Zero Trust Architecture	Final	08/11/2020
SP 800-204A	Building Secure Microservices-based Applications Using Service-Mesh Architecture	Final	05/27/2020
CSWP 14	Hardware-Enabled Security for Server Platforms: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases	Withdrawn	04/28/2020
CSWP 13	Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)	Withdrawn	04/23/2020
SP 800-160 Vol. 2	Developing Cyber Resilient Systems: A Systems Security Engineering Approach	Withdrawn	11/27/2019
SP 800-204	Security Strategies for Microservices-based Application Systems	Final	08/07/2019
SP 800-125A Rev. 1	Security Recommendations for Server-based Hypervisor Platforms	Final	06/07/2018
SP 800-190	Application Container Security Guide	Final	09/25/2017
SP 800-125B	Secure Virtual Network Configuration for Virtual Machine (VM) Protection	Final	03/07/2016
SP 800-40 Rev. 3	Guide to Enterprise Patch Management Technologies	Withdrawn	07/22/2013
SP 800-125	Guide to Security for Full Virtualization Technologies	Final	01/28/2011

Project Links

Overview News & Updates Events Publications

Additional Pages

Contacts

DevSecOps inquiries
devsecops-nist@nist.gov

Paul Watrobski

Karen Scarfone

Murugiah Souppaya

Michael Ogata

Group

Computer Security Division

Topics

Security and Privacy: general security & privacy, vulnerability management

Technologies: software & firmware

Related Projects

National Checklist Program
Open Security Controls Assessment Language
Roots of Trust
Secure Software Development Framework
Security Content Automation Protocol
Systems Security Engineering (SSE) Project

Additional Pages

Contacts

DevSecOps inquiries
devsecops-nist@nist.gov

Paul Watrobski

Karen Scarfone

Murugiah Souppaya

Michael Ogata

Group

Computer Security Division

Topics

Security and Privacy: general security & privacy, vulnerability management

Technologies: software & firmware

Related Projects

National Checklist Program
Open Security Controls Assessment Language
Roots of Trust
Secure Software Development Framework
Security Content Automation Protocol
Systems Security Engineering (SSE) Project

Created October 21, 2020, Updated October 05, 2023