The purpose of this workshop is to discuss the National Institute of Standards and Technology’s (NIST’s) proposed approach for helping industry and government improve the security of their DevOps practices. During this workshop, NIST will solicit proposed approaches from the participating organizations and hear from the community about DevSecOps-related topics that NIST could tackle. The findings from the workshop will inform NIST in the creation of new applied guidance to fill any gaps, updates to existing guidance, and potential development of a National Cybersecurity Center of Excellence (NCCoE) project to demonstrate the practices.
Date: Thursday, January 21, 2021
Time: 10 AM to 2 PM EST
View the agenda for this virtual event.
There are many existing security guidance and practices publications from NIST and others, but they have not yet been put into the context of DevOps. Industry, standards developing organizations, and government agencies are currently planning and executing work related to DevSecOps. Leveraging those efforts to provide a community-developed set of recommended practices would help enable organizations to maintain the velocity and volume of software delivery in a cloud-native way and take advantage of automated tools.
NIST would focus its efforts on facilitating communications about DevSecOps among software producers (e.g., commercial-off-the-shelf vendors, government software developers, custom enterprise software developers, open source software developers), operators of the hosting platforms (e.g., enterprise and cloud service providers), and software consumers (e.g., various industry sectors, federal government agencies, other organizations).
About the Workshop
During the workshop, NIST will present its proposed applied risk-based approach for the DevSecOps project. Next, industry and other parties will present their views of the challenges in improving the security of DevOps practices and the ways in which NIST can help organizations address those challenges.
NIST is soliciting presentations from members of the community for the workshop. NIST welcomes their input and perspective, including suggestions of existing approaches, standards, guidance, practices, technology, and tools that could be leveraged. A request to present, including a description (maximum one page) of a 15-minute presentation, should be submitted to firstname.lastname@example.org no later than January 8, 2021.
The workshop is free and open to the public; however, advance registration is required. Please complete this short form by January 15, 2021.
Questions? Please email your questions to email@example.com.