"NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments"

Cybercriminals frequently target software development and delivery supply chains. These environments can be used to compromise cloud deployments throughout the automated software development and delivery lifecycle. The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a Cybersecurity Information Sheet (CSI) titled "Defending Continuous Integration/Continuous Delivery (CI/CD) Environments" to provide guidance for incorporating security best practices into typical software development and operations (DevOps) CI/CD environments. To harden CI/CD pipelines, the CSI recommends best practices for authentication and access control, development environments and tools, and the development process. NSA and CISA recommend that organizations and network defenders implement the mitigations in this CSI to reduce the risk of CI/CD environment compromise and to make these environments difficult for malicious cyber actors to operate in. This article continues to discuss the CSI released by NSA and CISA on defending CI/CD environments.

NSA reports "NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments"

Submitted by Anonymous on