
Software Supply Chain and DevOps Security Practices

NextLabs is proud to collaborate with the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) as part of the Software Supply Chain and DevOps Security Practices Project. This initiative brings together NIST and selected commercial technology providers to develop practical recommendations and reference implementations for embedding security across the software development lifecycle.

Project Scope and Approach

The NCCoE Software Supply Chain and DevSecOps Security Practices Project develops and documents an applied, risk-based approach for secure software development and software supply chain practices. Consistent with the NIST Secure Software Development Framework (SSDF) (NIST SP 800-218) and other government and industry guidance, the project demonstrates how security can be integrated throughout modern DevSecOps workflows—from software development and build processes to packaging, distribution, deployment, and operations.

The project includes representative use cases across multiple technologies, programming languages, and industry sectors, using both commercial and open-source technologies to demonstrate real-world implementation scenarios. As part of this effort, NIST is also consolidating DevSecOps practices into a freely available Cybersecurity Practice Guide to support broader industry adoption.

NextLabs' Contribution

NextLabs is one of 14 vendors participating in the National Cybersecurity Excellence Partnership (NCEP) program with NIST NCCoE. This long-standing collaboration reflects NextLabs’ continued commitment to advancing cybersecurity practices across public and private sectors.

Our contributions focus on Zero Trust Architecture and Data-Centric Security, ensuring that data security and access governance are embedded directly into DevSecOps pipelines.

Key contribution areas include:

NextLabs has participated in the NCEP program since 2013 and has contributed to prior NIST publications, including NIST SP 800-162.

Demonstration Highlights

As part of the NCCoE DevSecOps project builds, NextLabs participated in proof-of-concept scenarios demonstrating automated security remediation within a live DevSecOps pipeline.

Security findings generated by integrated scanning tools were automatically converted into actionable development work items. These were then analyzed and remediated through automated, policy-driven workflows integrated into the CI/CD pipeline.

This demonstrates how security and compliance signals can be operationalized within DevSecOps systems, reducing remediation time while improving consistency, traceability, and developer productivity.

NIST NCCoE Secure Software Development (DevSecOps) Virtual Event Series

NextLabs participated in the NIST NCCoE Secure Software Development (DevSecOps) Virtual Event, contributing to discussions on integrating security, Zero Trust principles, and AI-driven automation into DevSecOps pipelines.

The full video series provides additional context on the NCCoE initiative, including implementation approaches and industry perspectives.

Watch the full series: a playlist of 5 videos.

Featured Publication: Securing the Software Development Lifecycle (SDLC)

NextLabs contributed to a joint publication with the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) on strengthening security across the software development lifecycle (SDLC).

The article examines how organizations can strengthen security across the software development lifecycle (SDLC) while maintaining the speed and agility of modern software delivery. Drawing on the NCCoE project (NIST SP 1800-44), it demonstrates how the NIST Secure Software Development Framework (SSDF) (NIST SP 800-218) can be operationalized within DevSecOps environments and explores the role of Zero Trust architectures, AI-enabled security, and Policy-Based Access Control (PBAC) in improving resilience, governance, and data-centric protection throughout the software supply chain.

A Shared Commitment to Secure Innovation

This collaboration with the NCCoE reflects a shared commitment to advancing secure software development practices across industry and government. By combining NIST guidance with real-world implementation, the project provides a practical reference for strengthening software supply chain security while maintaining development velocity.

Read the full press release to learn more about NextLabs’ role in the NCCoE DevSecOps project.

Together, these efforts support broader adoption of DevSecOps principles and help organizations operationalize secure development practices at scale.