Assure supplier environment
Review environment tooling and assess security posture
Implement security tooling in existing environment
Design and implement secure CI/CD pipeline with tooling for – static analysis; vulnerability scanning; dependency management; secure container registry; secrets management
Produce hardened config files and policies for virtual servers
Implement monitoring and alerting in existing environment
Implement certificate management service in existing environment
Implement network segmentation and establish security zones / resource poolsImplement / optimise configuration for existing security tooling (e.g. Microsoft E5 products)
Create automation playbooks for existing security tooling
Environment is designed and built, client has right to inspect / audit
Target Operating Systems and platforms are known
Metrics have been identified, APIs available for consumption
