[CMVM3.5: 0] Automate verification of operational infrastructure security.
The SSG works with engineering teams to facilitate a controlled self-service process that replaces some traditional IT efforts, such as application and infrastructure deployment, and includes verification of security properties (e.g., adherence to agreed-upon security hardening). Engineers now create networks, containers, and machine instances, orchestrate deployments, and perform other tasks that were once IT’s sole responsibility. In facilitating this change, the organization uses machine-readable policies and configuration standards to automatically detect and report on infrastructure that does not meet expectations. In some cases, the automation makes changes to running environments to bring them into compliance. In many cases, organizations use a single policy to manage automation in different environments, such as in multi-cloud and hybrid-cloud environments.