Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect

PS – Platform

NIST CSF Sub-Category PR.PS
In the context of Application Security (AppSec) and CI/CD (Continuous Integration/Continuous Deployment) pipelines, normative documents are vital to embed security throughout the software development lifecycle. Standards like OWASP Application Security Verification Standard (ASVS) and ISO/IEC 27034 provide guidance on secure coding, testing, and deployment practices, while NIST SP 800-218 (Secure Software Development Framework) addresses DevSecOps integration. Regulatory bodies and industry agencies, such as ENISA in Europe and CISA in the U.S., issue recommendations for integrating security controls into CI/CD pipelines to reduce vulnerabilities and prevent breaches. By following these standards and regulations, organizations can ensure that applications are developed securely from the start, automate security checks within DevOps processes, and maintain compliance with legal and industry requirements.