Integrating Zero Trust and DevSecOps

Abstract

Zero Trust (ZT) and DevSecOps are popular strategies that leverage automation to execute organizational processes and workflows. ZT is a security strategy that uses policy to enforce explicit trust between subjects and resources. DevSecOps is a development strategy that combines tools and agility to continuously develop and operate software. Both strategies are interdependent and require balancing concerns of how services, data, and infrastructure must be shared to achieve efficiency, cost effectiveness, and risk mitigation for continuous authority to operate (cATO). A mission thread that focuses on the lifecycle of an application being developed within a DevSecOps environment is used to provide the context for this discussion.

Document Details

Document Type: Technical Report
Publication Date: Jul 01, 2021
Accession Number: AD1145432

Entities

People

  • Carol C. Woody
  • Geoffrey Sanders
  • Nataniel Richmond
  • Timothy Morrow

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Artificial Intelligence
  • Authentication
  • Commerce
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computers
  • Configuration Management
  • Contracts
  • Cybersecurity
  • Data Centers
  • Department Of Defense
  • Detection
  • Engineering
  • Situational Awareness
  • Software Development
  • Software Development Tools
  • Software Testing
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design