NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments

Home / Articles / External / Government

Source: https://media.defense.gov/2023/Jun/28/2003249438/-1/-1/0/230628-D-IM742-2023.JPG
Source: https://media.defense.gov/2023/Jun/28/2003249438/-1/-1/0/230628-D-IM742-2023.JPG

July 11, 2023 | Originally published by NSA on June 28, 2023

Software development and delivery supply chains are attractive targets for malicious cyber actors. They can use these environments to compromise cloud deployments throughout the automated software development and delivery life cycle.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are publicly releasing a Cybersecurity Information Sheet (CSI) – “Defending Continuous Integration/Continuous Delivery (CI/CD) Environments” to provide recommendations for integrating security best practices into typical software development and operations (DevOps) CI/CD environments. The agencies encourage organizations to use the best practices to harden their CI/CD cloud deployments.