[{"data":1,"prerenderedAt":523},["ShallowReactive",2],{"/en-us/the-source/security/whitepaper-taking-the-complexity-out-of-compliance-frameworks":3,"footer-en-us":32,"the-source-banner-en-us":375,"the-source-navigation-en-us":387,"article-site-categories-en-us":415,"the-source-newsletter-en-us":417,"footer-source-/en-us/the-source/security/whitepaper-taking-the-complexity-out-of-compliance-frameworks/":428,"whitepaper-taking-the-complexity-out-of-compliance-frameworks-article-hero-category-en-us":433,"whitepaper-taking-the-complexity-out-of-compliance-frameworks-the-source-source-cta-en-us":457,"whitepaper-taking-the-complexity-out-of-compliance-frameworks-category-en-us":469,"whitepaper-taking-the-complexity-out-of-compliance-frameworks-the-source-resources-en-us":481},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":12,"content":16,"type":23,"slug":24,"category":5,"_id":25,"_type":26,"title":27,"_source":28,"_file":29,"_stem":30,"_extension":31},"/en-us/the-source/security/whitepaper-taking-the-complexity-out-of-compliance-frameworks","security",false,"",{"layout":9,"template":10,"featured":6,"gatedAsset":11},"the-source","TheSourceArticle","pf-taking-the-complexity-out-of-compliance-frameworks",{"title":13,"description":14,"ogImage":15},"Taking the complexity out of compliance frameworks","Explore the importance of proactive compliance in today's cyber threat landscape and learn how an integrated DevSecOps strategy can fortify your defense.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464259/qpwx0cpn26ltfnb7qcke.png",{"title":13,"date":17,"description":14,"heroImage":15,"keyTakeaways":18,"articleBody":22},"2024-07-01",[19,20,21],"In the face of escalating cyber risk and rigorous regulatory requirements, organizations must adopt strategic, proactive approaches to cybersecurity, shifting from manual methods to automated DevSecOps platforms.","The White House Cybersecurity Executive Order 14028 and regulatory frameworks like the NIST SSDF highlight the need for software companies to prioritize security over speed, mitigating security risks through enhanced quality and secure supply chains.","Despite the complexities of regulation, organizations can achieve time and cost efficiencies by embedding compliance requirements from the inception of software development, utilizing advanced tools to seamlessly integrate security practices.","In today’s landscape, cyber attacks pose a threat to all organizations, particularly for those linked to the U.S. government, where digital vulnerabilities can swiftly escalate to national security issues. Amidst evolving global regulations, federal agencies and other organizations face challenges in keeping up with new regulatory frameworks and enforcement trends.\n\nAs cyber threats grow more sophisticated, regulatory bodies are intensifying their security mandates, such as the White House Cybersecurity Executive Order 14028. Non-compliance carries hefty penalties, emphasizing the need for specific cybersecurity protocols. Navigating complex regulatory requirements demands a strategic, agile approach. Manual methods are no longer sufficient; organizations need an end-to-end DevSecOps platform, like GitLab, that embeds security throughout the software development lifecycle and automates manual tasks. Forward-thinking organizations prioritize proactive compliance, utilizing advanced tools to mitigate cybersecurity risks and embed security practices seamlessly into the development process.\n\nHistorically, software companies have prioritized speed at the expense of security, leaving vulnerabilities in their products. This trend stems from the demand for rapid releases and has become particularly prominent with the widespread adoption of DevOps practices. White House Cybersecurity Executive Order 14028 intensified the push for software manufacturers to enhance quality and secure their software supply chains. As an outcome of this mandate, security compliance frameworks, such as the Secure Software Development Framework, or NIST SSDF, aim to ease the burden of managing security compliance.\n\nHowever, the responsibility still rests on the industry, rather than regulatory bodies, to shift towards a culture of building secure software from inception. While the goals of most regulatory programs enjoy broad public support, in practice, regulation involves manual and siloed processes that can be costly and complex to navigate. To proactively address this challenge, organizations should embed compliance requirements and industry standards into the development process from the outset. By codifying these requirements and seamlessly integrating compliance and security controls throughout the software development lifecycle, organizations can realize significant time and cost efficiencies.","guide","whitepaper-taking-the-complexity-out-of-compliance-frameworks","content:en-us:the-source:security:whitepaper-taking-the-complexity-out-of-compliance-frameworks.yml","yaml","Whitepaper Taking The Complexity Out Of Compliance Frameworks","content","en-us/the-source/security/whitepaper-taking-the-complexity-out-of-compliance-frameworks.yml","en-us/the-source/security/whitepaper-taking-the-complexity-out-of-compliance-frameworks","yml",{"_path":33,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":35,"_id":371,"_type":26,"title":372,"_source":28,"_file":373,"_stem":374,"_extension":31},"/shared/en-us/main-footer","en-us",{"text":36,"source":37,"edit":43,"contribute":48,"config":53,"items":58,"minimal":363},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":38,"config":39},"View page source",{"href":40,"dataGaName":41,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":44,"config":45},"Edit this page",{"href":46,"dataGaName":47,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":49,"config":50},"Please contribute",{"href":51,"dataGaName":52,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":54,"facebook":55,"youtube":56,"linkedin":57},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[59,117,174,233,301],{"title":60,"links":61,"subMenu":77},"Pricing",[62,67,72],{"text":63,"config":64},"View plans",{"href":65,"dataGaName":66,"dataGaLocation":42},"/pricing/","view plans",{"text":68,"config":69},"Why Premium?",{"href":70,"dataGaName":71,"dataGaLocation":42},"/pricing/premium/","why premium",{"text":73,"config":74},"Why Ultimate?",{"href":75,"dataGaName":76,"dataGaLocation":42},"/pricing/ultimate/","why ultimate",[78],{"title":79,"links":80},"Contact Us",[81,86,91,96,101,106,111],{"text":82,"config":83},"Contact sales",{"href":84,"dataGaName":85,"dataGaLocation":42},"/sales/","sales",{"text":87,"config":88},"Support portal",{"href":89,"dataGaName":90,"dataGaLocation":42},"https://support.gitlab.com","support portal",{"text":92,"config":93},"Customer portal",{"href":94,"dataGaName":95,"dataGaLocation":42},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":97,"config":98},"Status",{"href":99,"dataGaName":100,"dataGaLocation":42},"https://status.gitlab.com/","status",{"text":102,"config":103},"Terms of use",{"href":104,"dataGaName":105,"dataGaLocation":42},"/terms/","terms of use",{"text":107,"config":108},"Privacy statement",{"href":109,"dataGaName":110,"dataGaLocation":42},"/privacy/","privacy statement",{"text":112,"config":113},"Cookie preferences",{"dataGaName":114,"dataGaLocation":42,"id":115,"isOneTrustButton":116},"cookie preferences","ot-sdk-btn",true,{"title":118,"links":119,"subMenu":130},"Product",[120,125],{"text":121,"config":122},"DevSecOps platform",{"href":123,"dataGaName":124,"dataGaLocation":42},"/platform/","devsecops platform",{"text":126,"config":127},"AI-Assisted Development",{"href":128,"dataGaName":129,"dataGaLocation":42},"/gitlab-duo/","ai-assisted development",[131],{"title":132,"links":133},"Topics",[134,139,144,149,154,159,164,169],{"text":135,"config":136},"CICD",{"href":137,"dataGaName":138,"dataGaLocation":42},"/topics/ci-cd/","cicd",{"text":140,"config":141},"GitOps",{"href":142,"dataGaName":143,"dataGaLocation":42},"/topics/gitops/","gitops",{"text":145,"config":146},"DevOps",{"href":147,"dataGaName":148,"dataGaLocation":42},"/topics/devops/","devops",{"text":150,"config":151},"Version Control",{"href":152,"dataGaName":153,"dataGaLocation":42},"/topics/version-control/","version control",{"text":155,"config":156},"DevSecOps",{"href":157,"dataGaName":158,"dataGaLocation":42},"/topics/devsecops/","devsecops",{"text":160,"config":161},"Cloud Native",{"href":162,"dataGaName":163,"dataGaLocation":42},"/topics/cloud-native/","cloud native",{"text":165,"config":166},"AI for Coding",{"href":167,"dataGaName":168,"dataGaLocation":42},"/topics/devops/ai-for-coding/","ai for coding",{"text":170,"config":171},"Agentic AI",{"href":172,"dataGaName":173,"dataGaLocation":42},"/topics/agentic-ai/","agentic ai",{"title":175,"links":176},"Solutions",[177,181,186,191,196,200,205,208,213,218,223,228],{"text":178,"config":179},"Application Security Testing",{"href":180,"dataGaName":178,"dataGaLocation":42},"/solutions/application-security-testing/",{"text":182,"config":183},"Automated software delivery",{"href":184,"dataGaName":185,"dataGaLocation":42},"/solutions/delivery-automation/","automated software delivery",{"text":187,"config":188},"Agile development",{"href":189,"dataGaName":190,"dataGaLocation":42},"/solutions/agile-delivery/","agile delivery",{"text":192,"config":193},"SCM",{"href":194,"dataGaName":195,"dataGaLocation":42},"/solutions/source-code-management/","source code management",{"text":135,"config":197},{"href":198,"dataGaName":199,"dataGaLocation":42},"/solutions/continuous-integration/","continuous integration & delivery",{"text":201,"config":202},"Value stream management",{"href":203,"dataGaName":204,"dataGaLocation":42},"/solutions/value-stream-management/","value stream management",{"text":140,"config":206},{"href":207,"dataGaName":143,"dataGaLocation":42},"/solutions/gitops/",{"text":209,"config":210},"Enterprise",{"href":211,"dataGaName":212,"dataGaLocation":42},"/enterprise/","enterprise",{"text":214,"config":215},"Small business",{"href":216,"dataGaName":217,"dataGaLocation":42},"/small-business/","small business",{"text":219,"config":220},"Public sector",{"href":221,"dataGaName":222,"dataGaLocation":42},"/solutions/public-sector/","public sector",{"text":224,"config":225},"Education",{"href":226,"dataGaName":227,"dataGaLocation":42},"/solutions/education/","education",{"text":229,"config":230},"Financial services",{"href":231,"dataGaName":232,"dataGaLocation":42},"/solutions/finance/","financial services",{"title":234,"links":235},"Resources",[236,241,246,251,256,261,266,271,276,281,286,291,296],{"text":237,"config":238},"Install",{"href":239,"dataGaName":240,"dataGaLocation":42},"/install/","install",{"text":242,"config":243},"Quick start guides",{"href":244,"dataGaName":245,"dataGaLocation":42},"/get-started/","quick setup checklists",{"text":247,"config":248},"Learn",{"href":249,"dataGaName":250,"dataGaLocation":42},"https://university.gitlab.com/","learn",{"text":252,"config":253},"Product documentation",{"href":254,"dataGaName":255,"dataGaLocation":42},"https://docs.gitlab.com/","docs",{"text":257,"config":258},"Blog",{"href":259,"dataGaName":260,"dataGaLocation":42},"/blog/","blog",{"text":262,"config":263},"Customer success stories",{"href":264,"dataGaName":265,"dataGaLocation":42},"/customers/","customer success stories",{"text":267,"config":268},"Remote",{"href":269,"dataGaName":270,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":272,"config":273},"GitLab Services",{"href":274,"dataGaName":275,"dataGaLocation":42},"/services/","services",{"text":277,"config":278},"TeamOps",{"href":279,"dataGaName":280,"dataGaLocation":42},"/teamops/","teamops",{"text":282,"config":283},"Community",{"href":284,"dataGaName":285,"dataGaLocation":42},"/community/","community",{"text":287,"config":288},"Forum",{"href":289,"dataGaName":290,"dataGaLocation":42},"https://forum.gitlab.com/","forum",{"text":292,"config":293},"Events",{"href":294,"dataGaName":295,"dataGaLocation":42},"/events/","events",{"text":297,"config":298},"Partners",{"href":299,"dataGaName":300,"dataGaLocation":42},"/partners/","partners",{"title":302,"links":303},"Company",[304,309,314,319,324,329,334,338,343,348,353,358],{"text":305,"config":306},"About",{"href":307,"dataGaName":308,"dataGaLocation":42},"/company/","company",{"text":310,"config":311},"Jobs",{"href":312,"dataGaName":313,"dataGaLocation":42},"/jobs/","jobs",{"text":315,"config":316},"Leadership",{"href":317,"dataGaName":318,"dataGaLocation":42},"/company/team/e-group/","leadership",{"text":320,"config":321},"Team",{"href":322,"dataGaName":323,"dataGaLocation":42},"/company/team/","team",{"text":325,"config":326},"Handbook",{"href":327,"dataGaName":328,"dataGaLocation":42},"https://handbook.gitlab.com/","handbook",{"text":330,"config":331},"Investor relations",{"href":332,"dataGaName":333,"dataGaLocation":42},"https://ir.gitlab.com/","investor relations",{"text":335,"config":336},"Sustainability",{"href":337,"dataGaName":335,"dataGaLocation":42},"/sustainability/",{"text":339,"config":340},"Diversity, inclusion and belonging (DIB)",{"href":341,"dataGaName":342,"dataGaLocation":42},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":344,"config":345},"Trust Center",{"href":346,"dataGaName":347,"dataGaLocation":42},"/security/","trust center",{"text":349,"config":350},"Newsletter",{"href":351,"dataGaName":352,"dataGaLocation":42},"/company/contact/","newsletter",{"text":354,"config":355},"Press",{"href":356,"dataGaName":357,"dataGaLocation":42},"/press/","press",{"text":359,"config":360},"Modern Slavery Transparency Statement",{"href":361,"dataGaName":362,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":364},[365,367,369],{"text":102,"config":366},{"href":104,"dataGaName":105,"dataGaLocation":42},{"text":107,"config":368},{"href":109,"dataGaName":110,"dataGaLocation":42},{"text":112,"config":370},{"dataGaName":114,"dataGaLocation":42,"id":115,"isOneTrustButton":116},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":376,"_dir":377,"_draft":6,"_partial":6,"_locale":7,"visibility":116,"id":378,"title":379,"button":380,"_id":384,"_type":26,"_source":28,"_file":385,"_stem":386,"_extension":31},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":381,"text":383},{"href":382},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":388,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":389,"subscribeLink":394,"navItems":398,"_id":411,"_type":26,"title":412,"_source":28,"_file":413,"_stem":414,"_extension":31},"/shared/en-us/the-source/navigation",{"altText":390,"config":391},"the source logo",{"src":392,"href":393},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":395,"config":396},"Subscribe",{"href":397},"#subscribe",[399,403,407],{"text":400,"config":401},"Artificial Intelligence",{"href":402},"/the-source/ai/",{"text":404,"config":405},"Security & Compliance",{"href":406},"/the-source/security/",{"text":408,"config":409},"Platform & Infrastructure",{"href":410},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"categoryNames":416},{"ai":400,"platform":408,"security":404},{"_path":418,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":419,"description":420,"submitMessage":421,"formData":422,"_id":425,"_type":26,"_source":28,"_file":426,"_stem":427,"_extension":31},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":423},{"formId":424,"formName":352,"hideRequiredLabel":116},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":429,"seo":430,"content":431,"type":23,"slug":24,"category":5,"_id":25,"_type":26,"title":27,"_source":28,"_file":29,"_stem":30,"_extension":31},{"layout":9,"template":10,"featured":6,"gatedAsset":11},{"title":13,"description":14,"ogImage":15},{"title":13,"date":17,"description":14,"heroImage":15,"keyTakeaways":432,"articleBody":22},[19,20,21],{"_path":434,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":435,"config":436,"seo":437,"content":440,"slug":5,"_id":454,"_type":26,"title":7,"_source":28,"_file":455,"_stem":456,"_extension":31},"/en-us/the-source/security","category",{"layout":9},{"title":404,"description":438,"ogImage":439},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[441,446],{"componentName":442,"type":442,"componentContent":443},"TheSourceCategoryHero",{"title":404,"description":438,"image":444},{"config":445},{"src":439},{"componentName":447,"type":447,"componentContent":448},"TheSourceCategoryMainSection",{"config":449},{"sourceCTAs":450},[451,452,453],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":458,"_dir":459,"_draft":6,"_partial":6,"_locale":7,"config":460,"title":13,"link":463,"_id":466,"_type":26,"_source":28,"_file":467,"_stem":468,"_extension":31},"/shared/en-us/the-source/gated-assets/pf-taking-the-complexity-out-of-compliance-frameworks","gated-assets",{"formId":461,"utmCampaign":462,"slug":11},1002,"eg_global_cmp_gated-content_speedsecurity_en_complexcomp",{"config":464},{"href":465},"https://learn.gitlab.com/the-source-security/taking_complexity_ou","content:shared:en-us:the-source:gated-assets:pf-taking-the-complexity-out-of-compliance-frameworks.yml","shared/en-us/the-source/gated-assets/pf-taking-the-complexity-out-of-compliance-frameworks.yml","shared/en-us/the-source/gated-assets/pf-taking-the-complexity-out-of-compliance-frameworks",{"_path":434,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":435,"config":470,"seo":471,"content":472,"slug":5,"_id":454,"_type":26,"title":7,"_source":28,"_file":455,"_stem":456,"_extension":31},{"layout":9},{"title":404,"description":438,"ogImage":439},[473,477],{"componentName":442,"type":442,"componentContent":474},{"title":404,"description":438,"image":475},{"config":476},{"src":439},{"componentName":447,"type":447,"componentContent":478},{"config":479},{"sourceCTAs":480},[451,452,453],[482,497,510],{"_path":483,"_dir":484,"_draft":6,"_partial":6,"_locale":7,"config":485,"title":486,"description":487,"link":488,"_id":494,"_type":26,"_source":28,"_file":495,"_stem":496,"_extension":31},"/shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age","source-lp-ctas",{"slug":453},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":489,"config":490},"Read the report",{"href":491,"dataGaName":492,"dataGaLocation":493},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource","content:shared:en-us:the-source:source-lp-ctas:application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age",{"_path":498,"_dir":484,"_draft":6,"_partial":6,"_locale":7,"config":499,"title":500,"description":501,"link":502,"_id":507,"_type":26,"_source":28,"_file":508,"_stem":509,"_extension":31},"/shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"slug":452},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":503,"config":504},"Download the guide",{"href":505,"dataGaName":506,"dataGaLocation":493},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience","content:shared:en-us:the-source:source-lp-ctas:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":511,"_dir":484,"_draft":6,"_partial":6,"_locale":7,"config":512,"title":513,"description":514,"link":515,"_id":520,"_type":26,"_source":28,"_file":521,"_stem":522,"_extension":31},"/shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",{"slug":451},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":516,"config":517},"Read the guide",{"href":518,"dataGaName":519,"dataGaLocation":493},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","content:shared:en-us:the-source:source-lp-ctas:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",1761814430690]