SAT-03.8 ยท Continuing Professional Education (CPE) - DevOps Personnel

Control Description

Mechanisms exist to ensure application development and operations (DevOps) personnel receive Continuing Professional Education (CPE) training on Secure Software Development Practices (SSDP) to appropriately address evolving threats.

Control Question
Assessment question for control validation

Does the organization ensure application development and operations (DevOps) personnel receive Continuing Professional Education (CPE) training on Secure Software Development Practices (SSDP) to appropriately address evolving threats?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational