by Shashank Srivastava | last updated on August 29, 2023
In addition to my blog on SDLC Compliance Management With CI/CD Policy Enforcement, I wanted to provide second-level detail on the compliance rules and policies that are available in OpsMx Secure Software Delivery.

OpsMx Secure Software Delivery is designed to monitor and enforce compliance with a broad range of security and application policies.  This includes policies across disciplines (security, compliance, change management, etc.), across domains (organization-wide, individual pipelines, individual applications) and across the software lifecycle (Dev, Build, Test, Deploy).

OpsMx policies map directly to common industry policy frameworks, particularly given that many policies are common across these frameworks. These include:

  • NIST-800-53 Policies 
  • SOC 2
  • GDPR
  • CIS Benchmarks
  • SLSA Level 1-4

We can share a specific list of compliance rules from these frameworks upon request. 

Are you looking to define policies to better manage and adhere to compliance requirements?

OpsMx focuses on delivery and deployment as the best point for managing and enforcing policies. While development processes and toolsets may differ widely across teams, at some point every application needs to be deployed. This focus means that OpsMx is positioned to enforce policies that are not well covered by other tools, such as:

  • Code Security – Code to be deployed has been scanned by SAST and no high severity issues are present.
  • Artifact Integrity and Attestation – At time of deployment the checksum of the artifact being deployed matches the checksum of the artifact when it was built.
  • Pipeline Controls – Changes to the deployment pipeline can only be made by authorized users.
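
The three deploy-time policies above can be read as a single gate that fails closed when evidence is missing. The sketch below is an added example, not OpsMx code or its policy format; the record layout, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the page names "high" severity; "critical" is treated as blocking too.
BLOCKING = {"high", "critical"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate_deploy_gate(artifact, record, authorized_editors):
    """Return policy violations; an empty list means the deployment may proceed."""
    violations = []

    # Code Security: a SAST scan must be on record and contain no blocking findings.
    sast = record.get("sast")
    if sast is None:
        violations.append("code-security: no SAST scan recorded")
    else:
        bad = sorted(f["id"] for f in sast.get("findings", [])
                     if str(f.get("severity", "")).lower() in BLOCKING)
        if bad:
            violations.append("code-security: blocking findings " + ", ".join(bad))

    # Artifact Integrity: the digest at deploy time must equal the build-time digest.
    built = record.get("build_sha256")
    if not built:
        violations.append("artifact-integrity: no build-time checksum recorded")
    elif not hmac.compare_digest(sha256_hex(artifact), built.lower()):
        violations.append("artifact-integrity: checksum differs from build")

    # Pipeline Controls: every recorded pipeline change must come from an authorized user.
    for change in record.get("pipeline_changes", []):
        if change.get("user") not in authorized_editors:
            violations.append("pipeline-controls: unauthorized change by "
                              + str(change.get("user")))
    return violations

# Constructed sample data, not taken from any real pipeline.
ARTIFACT = b"constructed-artifact-bytes-v1"
RECORD = {
    "build_sha256": sha256_hex(ARTIFACT),
    "sast": {"findings": [{"id": "F-1", "severity": "low"}]},
    "pipeline_changes": [{"user": "alice"}],
}

if __name__ == "__main__":
    print(evaluate_deploy_gate(ARTIFACT, RECORD, {"alice"}))         # clean record
    print(evaluate_deploy_gate(ARTIFACT + b"!", RECORD, {"bob"}))    # altered artifact
```

A missing scan or a missing build-time checksum is reported as a violation rather than skipped, so an incomplete record cannot pass the gate.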

Pre-defined standard policies can be supplemented with organization-specific policies that can be custom created by end-user organizations or Infosys. In addition, OpsMx is currently testing its “Policy Genie”, which uses generative AI to convert desired policies into Rego code.

 

Please contact us or talk to our Top Secure CD Expert to understand and obtain a comprehensive list of specific rules or obtain a roadmap of compliance rules if you have a custom requirement. There’s a specific roadmap being implemented as I write this post and the list is continuously evolving. 

Shashank Srivastava

As a Country Manager, Sales & Marketing (ROW) at OpsMx, Shashank is responsible for revenue for Europe, Middle East and Asia Pacific. He is also responsible for Product Marketing and Strategic Partnerships. Shashank brings in over 20 years of experience in selling and marketing technology / software solutions. Over these years he has led teams for marketing, sales, business development and field operations. He has successfully driven several strategic initiatives within startup environments.
