Provide Developer-Friendly Security & Governance Controls

This standard mandates the provision of developer-friendly security and governance controls to make security policies easy to follow without hindering engineers' productivity.

1. Provide Developer-Friendly Security & Governance Controls:

Make security policies easy to follow without blocking engineers. This approach ensures security compliance without creating unnecessary friction.

• 1.1 Pre-Approved Infrastructure Templates:
  • 1.1.1 Template Provision:
    • Offer pre-approved infrastructure templates that meet security requirements.
    • Automate the generation of pre-approved templates.
  • 1.1.2 Template Management:
    • Automate the management of template updates.
    • Implement template usage tracking.
• 1.2 Real-Time Security Feedback:
  • 1.2.1 Issue Reporting:
    • Implement real-time feedback for security issues instead of post-facto rejections.
    • Automate the delivery of real-time security feedback.
  • 1.2.2 Feedback Integration:
    • Automate the integration of feedback into the development process.
    • Implement feedback tracking.
• 1.3 Self-Service Security Tooling:
  • 1.3.1 Developer Testing:
    • Provide self-service security and compliance tooling to allow developers to test their code early.
    • Automate the provision of self-service tools.
  • 1.3.2 Tool Access:
    • Automate developer access to security tooling.
    • Implement tool usage tutorials.

By providing developer-friendly security controls, organisations can ensure security compliance without hindering developer productivity.

---