From a risk-management perspective, DevSecOps engineers and Risk Management Framework (RMF) IT security engineers are, in many ways, operationally out of sync. Although the tools and methodologies they use are similar to some degree, there are areas of significant disparity that lead to the two communities speaking different operational languages.

In this paper, we discuss the reasons for this disparity and the potential benefits of bringing these two communities together. We also present what we think needs to be done so they can integrate with each other, speak a common language, and automate implementations—particularly with regard to the RMF process.

Our hope is that this paper will be used as a guideline to spur further research and development that will lead to a more forward-leaning and comprehensive security posture. Such a posture will rely less on intermittent monitoring, sporadic manual intervention, and documentation. Instead, it will embrace the principles of agile methodologies, ensuring overall life-cycle security and compliance through automation using emerging tools and technologies.

