U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


Existing Work to Leverage

NIST will leverage existing guidance, practices, and recommendations that may be applicable to DevSecOps. They have been and are being developed by NIST and other US government (USG) agencies, standards development organizations (SDOs), industry, and academia. NIST will also develop mappings to existing informative references to ensure the relationships among frameworks, guidance, practices, and recommendations are clear.

NIST held a virtual workshop in January 2021 on improving the security of DevOps practices; you can access the workshop recording and materials here.

Potential work that can be leveraged includes:

NIST Frameworks

NIST Technology Projects

NIST Technology Guidelines

Government, Industry, and Academia Guidance and Practices

Created October 21, 2020, Updated September 07, 2022