
Government Agencies Share Best Practices for CI/CD Cloud Security


The National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued guidelines on implementing best practices to protect DevOps continuous integration/continuous delivery environments in the cloud.

In a cybersecurity information sheet, the two agencies prescribe development tools and proper authentication and access methods to harden CI/CD pipelines, which are processes meant to ensure that security and automation are applied throughout development.

Ethan Givens, technical director of critical and emerging technologies at NSA, explained that insufficient protection for CI/CD pipelines provides an opening for attackers to evade security policies and products.

Such malicious actors can obtain access to information, intellectual property or trade secrets, NSA said.

The agency defines DevOps as an approach that enables faster and continuous production and delivery of software at a high quality. CI/CD pipelines are an element of DevSecOps, an evolution of DevOps focused on applying security and automation principles at every stage of software development.

NSA and CISA have collaborated in the past on DevSecOps guidance. The two agencies and the Office of the Director of National Intelligence published a paper in 2022 detailing how developers can secure the software supply chain.
