Chapter 13: Working with DevSecOps Using Industry Security Frameworks

Security frameworks are an important artifact in security, and in DevSecOps. There are generic frameworks, such as the Center for Internet Security (CIS), but typically, industries must comply with specific industry security standards and report on their compliance. These standards affect the way security is handled within enterprises and therefore the implementation of DevSecOps.

This chapter will explain the functionality and impact of frameworks and how to incorporate them into DevSecOps. It includes a separate paragraph on the use and value of the MITRE ATT&CK framework, since it is becoming better known and more widely accepted as a base framework. ...
