Skip to content

7. Converge RMF with your SDLC

We covered this throughout the document, but here is a quick summary:


  • Integrated cybersecurity culture (cross-functional teams)
  • Technical assessors (from your performer, or from your AO’s contract(s))


  • Perform all RMF steps
  • Create Living documentation by way of your SDLC toolsuite
  • Follow NIST Guidance + create an ongoing authorization playbook
  • Establish continuous delivery, with metrics for high quality and reduced risk

Technology / Automation

  • Implement high common controls inheritance via opinionated cloud platform
  • Modern Security Requirements Management (e.g. Tracer or SD Elements)
  • Static Application & Dependency Vulnerability Scanning (e.g. Snyk)
  • Image Scanning (e.g. Aqua)
  • Container Scanning (e.g. Aqua)