DoD Enterprise DevSecOps Strategy Guide: Department of Defense, September 2021
From the document: "Many programs and missions across the Department of Defense (DoD) lack software development practices that meet industry standards for agility. The majority of current cybersecurity frameworks (NIST Cybersecurity Framework, ODNI Cyber Threat Framework, NSA/CSS Technical Cyber Threat Framework v2 (NTCTF), MITRE ATT&CK, etc.) focus predominately on post-production deployment attack surfaces. Furthermore, every release cycle is perceived as an uphill battle between development teams that attest to functionality, operational test and evaluation teams trying to confirm specific functionality, operations teams struggling to install and operate the product, and security teams bolting on protection mechanisms as an afterthought. To deliver resilient software capability at the speed of relevance the department needs to implement strategies that focus on cybersecurity and survivability across the development process. The DoD isn’t alone in this journey; industry has already minimized deployment friction through a cultural shift to DevSecOps (development, security, and operations)."
Authors - Department of Defense