NextLabs Collaborates with NIST’s National Cybersecurity Center of Excellence (NCCoE) on “Software Supply Chain and DevOps Security Practices Project”

NextLabs' contributions to the project are primarily focused on the areas of Zero Trust Architecture and Data-Centric Security.

July 29, 2025

We are proud to announce NextLabs’ collaboration with the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) as part of their Software Supply Chain and DevOps Security Practices Project. This collaboration between NIST and commercial vendors will provide practical recommendations and example implementations for building security into every phase of the software development lifecycle, from planning to deployment.

The National Cybersecurity Excellence Partnership (NCEP) program is an ongoing collaborative partnership between U.S. companies and NIST’s NCCoE with the potential to advance the state of cybersecurity practice. This program fosters rapid adoption and broad deployment of integrated cybersecurity tools and techniques that enhance consumer confidence in U.S. information systems. NextLabs has been an active contributor to the NCEP program since 2013, previously collaborating on NIST publications such as NIST SP 800-162.

To help improve the security of DevOps practices, the NCCoE DevSecOps project will focus initially on developing and documenting an applied risk-based approach and recommendations for secure DevOps and software supply chain practices consistent with the Secure Software Development Framework (SSDF), and other NIST, government, and industry guidance. DevSecOps helps ensure that security is addressed as part of all DevOps practices by integrating security practices and automatically generating security and compliance artifacts throughout the process, including software development, builds, packaging, distribution, and deployment.

This project will apply these DevSecOps practices in proof-of-concept use case scenarios that will each be specific to a technology, programming language, and industry sector. Both commercial and open-source technology will be used to demonstrate the use cases. Also, as part of this project, NIST will bring together and normalize content on DevSecOps practices from existing guidance and practices publications.

NextLabs has been named as one of 14 vendors to collaborate with NIST’s NCCoE on developing and documenting an applied risk-based approach and recommendations for secure DevOps and software supply chain practices consistent with the Secure Software Development Framework (SSDF), and other NIST, government, and industry guidance.

NextLabs’ Contribution

NextLabs’ contributions to the project are primarily focused on the areas of Zero Trust Architecture and Data-Centric Security, ensuring that data security and access governance are foundational elements of the software development pipeline.

Specific areas where we are contributing include:

  • Zero Trust Architecture to protect data and resources whenever and wherever they are accessed
  • Policy-Based Access Control (PBAC) to govern access to data, applications, and environments
  • Secure environments at every stage of the Software Development Lifecycle
  • Policy automation to consistently enforce compliance and internal controls across environments
  • Data-centric protections that protect data throughout its lifecycle, at rest, in use, and on the move

A Shared Commitment to Secure Innovation

Our work with the NCCoE as part of the NCEP reflects NextLabs’ ongoing commitment to supporting government and industry in solving today’s toughest cybersecurity challenges. This NIST NCCoE project will provide more than a set of recommendations—it is a blueprint for how public and private sector leaders can work together to secure the future of software development.

We invite our customers, partners, and the broader DevOps security community to review the details of the project and learn how to apply its principles in their own environments.

Read the NIST announcement and check out the full details on the project: Software Supply Chain and DevOps Security Practices.
