7. Converge RMF with your SDLC

We covered this throughout the document, but here is a quick summary:

People

  • Integrated cybersecurity culture (cross-functional teams)
  • Technical assessors (from your performer, or from your AO’s contract(s))

Process

  • Perform all RMF steps
  • Create living documentation through your SDLC tool suite
  • Follow NIST guidance and create an ongoing authorization playbook
  • Establish continuous delivery, with metrics for high quality and reduced risk

Technology / Automation

  • Implement a high degree of common-control inheritance via an opinionated cloud platform
  • Modern Security Requirements Management (e.g. Tracer or SD Elements)
  • Static Application & Dependency Vulnerability Scanning (e.g. Snyk)
  • Image Scanning (e.g. Aqua)
  • Container Scanning (e.g. Aqua)