CIS Software Supply Chain Security Guide

CIS partnered with Aqua Security to develop the Software Supply Chain Guide, which is intended for DevOps and application security administrators, security specialists, auditors, help desks, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions to build and deploy software updates through automated means of DevOps pipelines.

This Guide was created using a consensus review process comprised of a global community of subject matter experts. The process combines real-world experience with data-based information to create technology-specific guidance to assist users to secure their environments. Consensus participants provide perspectives from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government, and legal.

CIS Controls v8 Mapping  to PCI DSS 40 cover