
Integrating Zero Trust and DevSecOps

White Paper
This paper discusses the interdependent strategies of zero trust and DevSecOps in the context of application development.
Publisher

Software Engineering Institute

Abstract

Zero trust (ZT) and DevSecOps are popular strategies that leverage automation to execute organizational processes and workflows. ZT is a security strategy that uses policy to enforce explicit trust between subjects and resources. DevSecOps is a development strategy that combines tools and agility to continuously develop and operate software. The two strategies are interdependent, and both require balancing concerns about how services, data, and infrastructure must be shared to achieve efficiency, cost effectiveness, and risk mitigation for continuous authority to operate (cATO). A mission thread that focuses on the lifecycle of an application being developed within a DevSecOps environment is used to provide the context for this discussion.