3.2.3—3.2.3
>Control Description
A standardized approach to application security including code remediation is implemented across the DoD enterprise. Part one (1) of this activity includes the integration of securing API gateways (i.e., API management, WAF, continuous API testing, distributed enforcement not just perimeter) with applications utilizing API or similar calls. Code reviews are conducted in a methodical approach, and standardized protections for containers and their infrastructure are in place.
Additionally, any serverless functions where the 3rd party manages the infrastructure, such as Platform as a Service, utilize adequate serverless security monitoring and response functions. Code reviews, container and serverless security functions are integrated into the CI/CD and/or DevSecOps process, as appropriate.
>Cross-Framework Mappings