[AM3.3: 0] Monitor automated asset creation.
The SSG implements technology controls that provide a continuously updated view of the various network, machine, software, and related infrastructure assets being instantiated by engineering teams as part of their ALM processes. The SSG works with the engineering teams to understand the custom automation and cloud provider dashboards engineering uses to quickly stand-up servers, databases, networks, and entire clouds for software deployments. Monitoring the changes in application design (e.g., moving a monolithic application to microservices) is also part of this effort. This monitoring requires a specialized effort; normal system, network, and application logging and analysis won’t suffice. Success might require a multi-pronged approach, including consuming orchestration and virtualization metadata, querying cloud service provider APIs, and outside-in web crawling and scraping. As processes improve, the data will be helpful for threat modeling efforts (see [AA1.1 Perform security feature review]).