DevSecOps for US Agencies

The US Federal Government is taking new steps to improve transparency in IT products and services in their supply chain. Now NIST has started exploring a possible DevSecOps framework for US agencies.

Deep security controls

In many cases, the IT security controls of agencies are intransparant to the federal agents. Mostly buried deep within the technology stacks. This complicates evidence on security. Through a collaborative DevSecOps framework agencies should get better options to provide transparant proof of security controls.

Quite a challenge

Changing a mindset that has grown over several decades is very tough. Agencies have largely remained in a ‘waterfall’ mindset.  For many of them, DevOps is still in pilot phase for a handful of applications.