search menu icon-carat-right cmu-wordmark

Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments

Technical Report
This Technical Report provides guidance to projects interested in implementing DevSecOps (DSO) in defense or other highly regulated environments, including those involving systems of systems.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2020-TR-002
DOI (Digital Object Identifier)
10.1184/R1/12363770.v1

Abstract

DevSecOps (DSO) is an approach that integrates development (Dev), security (Sec), and delivery/operations (Ops) of software systems to reduce the time from need to capability and provide continuous integration and continuous delivery (CI/CD) with high software quality. The rapid acceptance and demonstrated effectiveness of DSO in software system development have led to proposals for its adoption in more complex projects. This document provides guidance to projects interested in implementing DSO in defense or other highly regulated environments, including those involving systems of systems.

The report provides rationale for adopting DSO and the dimensions of change required for that adoption. It introduces DSO, its principles, operations, and expected benefits. It describes objectives and activities needed to implement the DSO ecosystem, including preparation, establishment, and management. Preparation is necessary to create achievable goals and expectations and to establish feasible increments for building the ecosystem. Establishing the ecosystem includes evolving the culture, automation, processes, and system architecture from their initial state toward an initial capability. Managing the ecosystem includes measuring and monitoring both the health of the ecosystem and the performance of the organization. Additional information on the conceptual foundations of the DSO approach is also provided.

Cite This Technical Report

Morales, J., Turner, R., Miller, S., Capell, P., Place, P., & Shepard, D. (2020, April 8). Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments. (Technical Report CMU/SEI-2020-TR-002). Retrieved March 4, 2024, from https://doi.org/10.1184/R1/12363770.v1.

@techreport{morales_2020,
author={Morales, Jose and Turner, Richard and Miller, Suzanne and Capell, Peter and Place, Patrick and Shepard, David},
title={Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments},
month={Apr},
year={2020},
number={CMU/SEI-2020-TR-002},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12363770.v1},
note={Accessed: 2024-Mar-4}
}

Morales, Jose, Richard Turner, Suzanne Miller, Peter Capell, Patrick Place, and David Shepard. "Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments." (CMU/SEI-2020-TR-002). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, April 8, 2020. https://doi.org/10.1184/R1/12363770.v1.

J. Morales, R. Turner, S. Miller, P. Capell, P. Place, and D. Shepard, "Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2020-TR-002, 8-Apr-2020 [Online]. Available: https://doi.org/10.1184/R1/12363770.v1. [Accessed: 4-Mar-2024].

Morales, Jose, Richard Turner, Suzanne Miller, Peter Capell, Patrick Place, and David Shepard. "Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments." (Technical Report CMU/SEI-2020-TR-002). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 8 Apr. 2020. https://doi.org/10.1184/R1/12363770.v1. Accessed 4 Mar. 2024.

Morales, Jose; Turner, Richard; Miller, Suzanne; Capell, Peter; Place, Patrick; & Shepard, David. Guide to Implementing DevSecOps for a System of Systems in Highly Regulated Environments. CMU/SEI-2020-TR-002. Software Engineering Institute. 2020. https://doi.org/10.1184/R1/12363770.v1