DevSecOps Platform Template

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 8

GSA - DevSecOps Platform Framework Template

A. Overarching DevSecOps Platform Considerations:

Artifact Type: Platform Description

Title: Link: Owner:

Ex. Document Title Ex. Sample Link Ex.

Artifact Type: Platform Responsibilities

Title: Link: Owner:

Ex. Document Title Ex. Sample Link Ex.

B. Image Management

Artifact Type: Image Repository

Title: Link: Owner:

Ex. Repository Name Ex. Link to Repository Ex.

Artifact Type: Process for Adding New Images

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP
Artifact Type: Process for Instantiating a New Instance from an Image

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

C. Logging, Monitoring, and Alerting

Artifact Type: Guide to Application Owner Access

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code or Document Ex.


Name

D. Patch Management

Artifact Type: Process for Patching a Running System

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Process for Introducing a Path into the Platform

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

E. Platform Governance
Artifact Type: Change Proposal Intake Process

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Intake Form, Ex.


Name Process Description,
or SOP

Artifact Type: Change Proposal Evaluation Process

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Process Ex.


Name Description, or SOP

Artifact Type: Change Proposal Execution Process

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Process Ex.


Name Description, or SOP

F. Change Management

Artifact Type: Version Control Repository

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Open Source Ex.


Name

Artifact Type: Version Control Standards for Branching, Merging, and More

Title: Link: Type: Owner:


Ex. Document Ex. Sample Link Ex. Open Source Ex.
Name

G. Application Development, Testing, and Operations

Artifact Type: Developer Environment

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Operational Procedures for Updating Running System

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Testing Tools Usable by Developers

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code Ex.


Name

Artifact Type: Testing Standards Best Practices for the Platform

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP
H. Application Deployment

Artifact Type: Deployment Pipeline

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Link to Running Ex.


Name Pipeline, Code,
Checklist, or SOP

Artifact Type: Deployment Playbook

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

I. Accounts, Privileges, Credentials, and Secrets Management

Artifact Type: User Onboarding and Offboarding Guides

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: IAM Definitions

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code and/or Ex.


Name Documentation
Artifact Type: Secret Management Practices

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Tools and/or Ex.


Name Documentation

J. Availability and Performance Management

Artifact Type: Platform Availability Metrics

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Guide to Configuring Availability for Applications

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Catalog or Document Method of Performance Information

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

K. Network Management

Artifact Type: Network Structure Definition


Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Request Process for Network Changes

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

L. Authority to Operate Processes

Artifact Type: Process for Achieving an ATO

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Templates for ATO Artifacts

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code Ex.


Name [OpenControl] or
document template

M. Backup and Data Lifecycle Management

Artifact Type: Documentation on Use of Backup and Data Lifecycle Management


Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

N. Agreements and Financial Management

Artifact Type: Links to Spending Dashboards

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Process for Onboarding

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

Artifact Type: Process for Allocating Budget

Title: Link: Type: Owner:

Ex. Document Ex. Sample Link Ex. Code, Checklist, Ex.


Name or SOP

You might also like