Integrating Zero Trust and DevSecOps

reportActive / Technical Report | Accesssion Number: AD1145432 | Open PDF

Abstract:

Zero Trust (ZT) and DevSecOps are popular strategies that leverage automation to execute organizational processes and workflows. ZT is a security strategy that uses policy to enforce explicit trust between subjects and resources. DevSecOps is a development strategy that combines tools and agility to continuously develop and operate software. Both strategies are interdependent and require balancing concerns of how services, data, and infrastructure must be shared to achieve efficiency, cost effectiveness, and risk mitigation for continuous authority to operate (cATO). A mission thread which focuses on the lifecycle of an application being developed within a DevSecOps environment is used to provide the context for this discussion.

Author(s):
Sanders, Geoffrey ; Morrow, Timothy ; Richmond, Nataniel ; Woody, Carol
Author Organization(s):
CARNEGIE-MELLON UNIV PITTSBURGH PA
Funding Organization(s):
AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA
Document Type:
Technical Report/Technical Report
Publication Date:
2021 Jul 01
Pagination:
37

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:
A - Approved For Public Release
Distribution Statement: Public Release

RECORD

Collection: TRECMS
Identifying Numbers
Contract Number(s):
FA8702-15-D-0002
Subject Terms
Modernization Areas:
Cyber
Communities of Interest:
Cyber
Descriptor(s):
software development, computer access control, artificial intelligence, computer programming, computer programs, software testing, software development tools, cybersecurity, data centers, department of defense, detection, engineering, situational awareness, authentication, commerce, computers, contracts
Subject Categories:
Mathematical and Computer Sciences; Mathematical and Computer Sciences
Creation Date:
2021 Aug 23
Update Date:
2021 Oct 29