CSSLP Domain 7: Secure Software Deployment, Operations, Maintenance

(ISC)² ® CSSLP  Domain 7: Secure Software Deployment, Operations, Maintenance (12%) CSSLP’s seventh domain accounts for 12% of the exam weightage. This domain explores the deployment process. When an application is developed, the next step is to arrange its deployment, which requires a safe environment in which the deployment process is accomplished. This domain covers continuous integration & continuous delivery (CI/CD) pipeline, secret codes that manage the application, disaster recovery, resiliency, and information security continuous monitoring (ISCM). It explains how to do patch management (e.g., secure release, testing) and vulnerability management (e.g., scanning, tracking, triaging). This domain is further divided into: Perform operational risk analysis Release software securely Securely store and manage security data Ensure secure installation Perform post-deployment security testing Obtain security approval to operate Perform information security continuous monitoring (ISCM) Support incident response Perform patch management Perform vulnerability management Runtime protection Support continuity of operations Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA) Read More: (ISC)² ® CSSLP Domain 7: Secure Software Deployment, Operations, Maintenance