With a DevOps approach, the creation of compliance and security content can happen alongside development, involving input from various stakeholders, according to an article in FCW.
One example is the Security Content Automation Protocol Security Guide, aka the SCAP Security Guide (SSG), an open source project that addresses many security and compliance needs and provides advice for best practices.
The SSG exemplifies how getting everyone to the table at the outset of compliance content creation can positively impact development further down the line. Since security policies will have been baked into the development process from the beginning, there’s no need for annual “check the box” moments that disrupt development. As a result, security no longer impedes innovation, but instead enables it and provides a safe place for innovation.
Read the full article: Why compliance demands a DevOps approach | FCW