search menu icon-carat-right cmu-wordmark

Implementing DevOps Practices in Highly Regulated Environments

White Paper
In this paper, the authors layout the process with insights on performing a DevOps assessment in a highly regulated environment.

Software Engineering Institute

Topic or Tag


In this paper, we discuss implementing DevOps practices in highly regulated environments (HREs). DevOps has become a standard option for entities seeking to streamline and increase participation by all stakeholders in their Software Development Lifecycle (SDLC). For a large portion of industry, academia, and government, applying DevOps is a straight forward process. There is, however, a subset of entities in these three sectors where applying DevOps can be very challenging. These are entities mandated by policies to conduct all or a portion of their SDLC activities in HREs. Often, the reason for an HRE is general security and protection of intellectual property. Even if an entity is functioning in a highly regulated environment, its SDLC can still benefit from implementing DevOps as long as the implementation conforms to all imposed policies.

This paper was given at the 2018 International Workshop on Secure Software Engineering in DevOps and Agile Development (SecSE 2018).