Chapter 13: Working with DevSecOps Using Industry Security Frameworks
Security frameworks are an important artifact in security and in DevSecOps. There are generic frameworks, such as those from the Center for Internet Security (CIS), but typically, industries must comply with, and report on their compliance with, specific industry security standards. These standards affect the way security is handled within enterprises and therefore the implementation of DevSecOps.
This chapter will explain the functionality and impact of frameworks and how to incorporate them into DevSecOps. It includes a separate section on the use and value of the MITRE ATT&CK framework, since it is becoming better known and more widely accepted as a base framework.
After completing this chapter, you will have a good understanding of the most used security frameworks and how the controls of these frameworks can be applied to DevOps.
In this chapter, we're going to cover...