2 templates mapped to NIST Secure Software Development Framework (SSDF).
Enterprise-grade DevSecOps policy establishing security integration throughout the software development lifecycle. Covers CI/CD pipeline security, automated security testing (SAST, DAST, SCA), Infrastructure as Code security, secrets management, security champions programs, and threat modeling. Aligned with NIST SSDF, OWASP SAMM, and modern secure development practices.
Enterprise-grade software supply chain security policy addressing modern threats like SolarWinds, Log4j, and dependency confusion attacks. Covers SBOM requirements (SPDX/CycloneDX), build pipeline security (SLSA Framework), artifact signing (Sigstore), open source security controls, and vendor risk assessment. Aligned with Executive Order 14028, NIST SSDF, and 2025/2026 supply chain regulations.