Draft NIST Special Publication 800 -204C 1 2 Implementation of DevSecOps for a 3 Microservices -based Application with 4 Service Mesh 5 6 7 8 Ramaswamy Chandramouli 9 10 11 12 This publication is available free of charge from: 13 https://doi.org/10.6028/NIST.SP.800- 204C-draft 14 Draft NIST Special Publication 800 -204C 15 16 Implementation of DevSecOps for a 17 Microservices -based Application with 18 Service Mesh 19 20 Ramaswamy Chandramouli 21 Computer Security Division 22 Information Technology Laboratory 23 24 25 26 27 28 29 This publication is available free of charge from: 30 https://doi.org/10.6028/ NIST.SP.800- 204C -draft 31 32 33 September 2021 34 35 36 37 38 U.S. Department of Commerce 39 Gina M. Raimondo, Secretary 40 41 National Institute of Standards and Technology 42 James K. Olthoff , Performing the Non -Exclusive Functions and Duties of the Under Secretary of Commerce 43 for Standards and Technoogy & Director, National Institute of Standards and Technology 44 NIST SP 800-204C (DRAFT) DEVSECOPS FOR A MICROSERVICES -BASED APPLICATION WITH SERVICE MESH Authority 45 This publication has been developed by NIST in accordance with its statutory responsibilities under the 46 Federal Information Security M odernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq. , Public Law 47 (P.L.) 113 -283. NIST is responsible for developing information security standards and guidelines, incl uding 48 minimum requirements for f ederal information systems, but such standards and guidelines shall not apply 49 to national security systems without the express approval of appropriate f ederal officials exercising policy 50 authority over such systems. This guideline is consistent with the requirements of the Office of Management 51 and Budget (OMB) Circular A -130. 52 Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and 53 binding on f ederal ag encies by the Secretary of Commerce under statutory authority. Nor should these 54 guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, 55 Director of the OMB, or any other f ederal official. This publicatio n may be used by nongovernmental 56 organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, 57 however, be appreciated by NIST. 58 National Institute of Standards and Technology Special Publication 800-204 C 59 Natl. Inst. Stand. Technol. Spec. Publ. 800- 204C , 40 pages (September 2021 ) 60 CODEN: NSPUE2 61 This publication is available free of charge from: 62 https://doi.org/10.6028/NIST.SP.800 -204C -draft 63 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 64 experimental procedure or concept a dequately. Such identification is not intended to imply recommendation or 65 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 66 available for the purpose. 67 There may be references in this publi cation to other publications currently under development by NIST in accordance 68 with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, 69 may be used by federal agencies even before the completi on of such companion publications. Thus, until each 70 publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For 71 planning and transition purposes, federal agencies may wish to closely follow the development of these new 72 publications by NIST. 73 Organizations are encouraged to review all draft publications during public comment periods and provide feedback to 74 NIST. All NIST Computer Security Division publications, other than the ones noted above, are avail