CI/CD Pipeline
A critical part of a software factory is the CI/CD pipeline. A software factory may contain multiple CI/CD pipelines, each equipped with a set of tools, process workflows, scripts, and environments to produce a set of deployable software artifacts with minimal human intervention. A pipeline automates the activities in the develop, build, test, release, and deliver phases. Different pipelines are needed for different types of software, such as web applications, business systems, command and control systems, embedded systems, or AI/ML.
Continuous Authorization to Operate (cATO)
cATO is the state achieved when the organization that develops, secures, and operates a system has demonstrated such maturity in its ability to maintain a resilient cybersecurity posture that traditional risk assessments and authorizations become redundant. This organization must have implemented robust information security continuous monitoring capabilities, active cyber defense, and secure software supply chain requirements to enable continuous delivery of capabilities without adversely impacting the system’s cyber posture.