Version 1.0, published 12 August 2019, this DoD Enterprise DevSecOps Reference Design describes the DevSecOps lifecycle, supporting pillars, and DevSecOps ecosystem; lists the tools and activities for DevSecOps software factory and ecosystem; introduces the DoD enterprise DevSecOps container service that provides hardened DevSecOps tools and deployment templates to the program application DevSecOps teams to select; and showcases a sampling of software factory reference designs and application security operations. This DoD Enterprise DevSecOps Reference Design provides
implementation and operational guidance to Information Technology (IT) capability providers, IT capability consumers, application teams, and Authorizing Officials.
Most people don’t realize that security frameworks have plenty of controls in common. Businesses spend a needless amount of time and money duplicating security process in order to comply with each framework. In the attached document from Tugboat Logic, you’ll see where different security frameworks overlap. That way, you can build a sophisticated compliance program for less by collecting evidence once, and applying it to many frameworks.