Compliance Attestation & Reporting
Security frameworks provide an important way of both assessing and validating your security program. Learn more about Legit’s support for a variety of frameworks, from SLSA to SSDF to ISO 27001 to PCI DSS and more.
Validate and Demonstrate Compliance
Security frameworks provide a thoughtful, structured approach to building software security programs that are comprehensive and aligned with established best practices. These frameworks, including SSDF, ISO 27001, PCI DSS and more, offer both guidance and guardrails, which auditors use to assess compliance. Learn how Legit maps your development environment and security controls to a variety of frameworks and provides a clear path to attesting to those controls.
CISA Attestation
CISA's Secure Software Development Attestation Form lets software producers attest that their development practices align with the NIST Secure Software Development Framework (SSDF, NIST SP 800-218) and the controls it describes. Legit helps you validate that your security program covers the four areas the attestation form addresses: secure development environments, a trusted software supply chain, maintained code and artifact provenance, and automated checking for vulnerabilities.
SSDF
Developed by NIST (SP 800-218) to help organizations build security into how they build and deliver software, the Secure Software Development Framework (SSDF) is a set of fundamental secure software development practices aimed at the security issues often overlooked in a traditional software development life cycle (SDLC) model. For organizations building SSDF compliance programs, Legit maps specific controls back to the SSDF practices, so compliance is assessed continuously and automatically rather than at audit time.
SLSA
Attacks on the software supply chain at a growing number of companies drove renewed focus on security in this domain. SLSA (Supply-chain Levels for Software Artifacts) was established to address software supply chain security (SSCS): it defines graded levels describing how well an artifact's build and provenance are protected, from provenance simply being generated up to builds on hardened, isolated build platforms. SLSA is a distinct framework from the SSDF; the two overlap in places but SLSA is not a way of assessing SSDF compliance. Legit gives security teams the ability to map their controls to the SLSA levels in order to meet SSCS requirements.
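The practical core of both SLSA and the "maintain code and artifact provenance" area of the CISA attestation is a provenance statement that a consumer can check against the artifact in hand. The following is an added example, not Legit Security's code: it constructs a minimal in-toto Statement carrying a SLSA v1 provenance predicate and checks it against an artifact. The build type, builder id, repository name and the `source` external parameter are hypothetical names chosen for illustration (real build types name their external parameters differently), and the sample artifact bytes are constructed. DSSE envelope signature verification is deliberately left out; in practice the envelope must be verified against the builder's public key (for example with slsa-verifier or cosign) before any field inside it is trusted.

```python
"""Check a SLSA v1 provenance statement against a built artifact.

Added example, not Legit's code. The statement below is constructed; the
build type, builder id, repository and the "source" parameter are
hypothetical. Signature (DSSE) verification is out of scope here.
"""
import hashlib

INTOTO_STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"

# Constructed sample artifact (stands in for a release tarball on disk).
ARTIFACT = b"release tarball bytes for app-1.2.3 (constructed sample)\n"

# Constructed provenance: an in-toto Statement with a SLSA v1 predicate.
PROVENANCE = {
    "_type": INTOTO_STATEMENT_V1,
    "subject": [
        {"name": "app-1.2.3.tar.gz",
         "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}},
    ],
    "predicateType": SLSA_PROVENANCE_V1,
    "predicate": {
        "buildDefinition": {
            "buildType": "https://builder.example/hypothetical/build-type/v1",
            "externalParameters": {
                # Assumed key name for this hypothetical build type.
                "source": "git+https://github.com/example-org/app@refs/tags/v1.2.3",
            },
            "resolvedDependencies": [
                {"uri": "git+https://github.com/example-org/app",
                 "digest": {"gitCommit": "0" * 40}},
            ],
        },
        "runDetails": {
            "builder": {"id": "https://builder.example/hypothetical/hosted-builder"},
        },
    },
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_provenance(statement: dict, artifact: bytes,
                      trusted_builders: set, expected_source_prefix: str) -> list:
    """Return a list of problems found; an empty list means every check passed.

    Checks are independent so a reviewer sees every failing control, not
    only the first one.
    """
    problems = []

    if statement.get("_type") != INTOTO_STATEMENT_V1:
        problems.append(f"unexpected statement type: {statement.get('_type')!r}")
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        problems.append(f"unexpected predicate type: {statement.get('predicateType')!r}")

    # 1. The artifact we hold must be one of the statement's subjects.
    digest = sha256_hex(artifact)
    subject_digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if digest not in subject_digests:
        problems.append(f"artifact sha256 {digest} matches no subject in the statement")

    predicate = statement.get("predicate", {})

    # 2. Only provenance from a builder on the allow-list counts.
    builder_id = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in trusted_builders:
        problems.append(f"builder {builder_id!r} is not a trusted builder")

    # 3. The build must have consumed the repository we expected.
    source = predicate.get("buildDefinition", {}).get("externalParameters", {}).get("source", "")
    if not source.startswith(expected_source_prefix):
        problems.append(f"build source {source!r} does not start with {expected_source_prefix!r}")

    return problems


TRUSTED_BUILDERS = {"https://builder.example/hypothetical/hosted-builder"}
EXPECTED_SOURCE = "git+https://github.com/example-org/app@"

if __name__ == "__main__":
    for label, blob in (("genuine artifact", ARTIFACT), ("tampered artifact", ARTIFACT + b"x")):
        problems = verify_provenance(PROVENANCE, blob, TRUSTED_BUILDERS, EXPECTED_SOURCE)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```

The checks are the ones a consumer at SLSA Build L1 and above cares about: the subject digest binds the statement to this exact artifact, the builder allow-list is what distinguishes a trusted hosted build platform (L2/L3) from a developer's laptop, and the source check catches provenance that is genuine but for the wrong repository or tag. Without the signature check these fields are only claims, which is why the real verification tools validate the DSSE envelope first.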
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is the core framework for safeguarding cardholder data wherever payment card transactions are stored, processed or transmitted. It applies to any entity storing, handling, processing, or transmitting cardholder information. Legit's platform addresses the SDLC requirements within the PCI DSS, including protecting secrets and knowing the building blocks of your software: PCI DSS v4.0 requirement 6.3.2 calls for an inventory of bespoke and custom software and the third-party components it incorporates, which a software bill of materials (SBOM) provides.
Other Frameworks
Beyond SSDF, SLSA and PCI DSS, a range of other frameworks and standards exist to help companies both verify and prove the integrity of their software security programs, including SOC 2, FedRAMP and ISO 27001, among others. Legit provides support for these and other frameworks as customers work toward a comprehensive, compliant security program.
Align Software Security & Compliance
Legit gives visibility into the security controls in place across the SDLC, validates that they are working, and shows how they align with core frameworks.
Attestation and Audit Support
Legit delivers verification and evidence to support compliance audits and attestation mandates, such as CISA's Secure Software Development Attestation Form, which is based on the SSDF.
Software Bill of Materials (SBOMs)
Legit delivers complete visibility into development environments so you can produce SBOMs as part of a compliance or secure software supply chain initiative.
Related Resources
- Blog: Navigating the Shift: Unveiling the Changes in PCI DSS Version 4. Gain insights into the latest changes in PCI DSS version 4 with this quick overview, highlighting the primary changes and how best to prepare for them.
- Analyst report: 2024 Gartner® Market Guide for DevOps Continuous Compliance Automation Tools. Get the 2024 Gartner® Market Guide for DevOps Continuous Compliance Automation Tools, in which Legit Security is named a representative vendor in the March report.
- White paper: What You Need to Know About the Software Supply Chain Regulatory Landscape and SBOMs. This guide helps you understand the regulations around software supply chains.
Request a Demo
Request a demo including the option to analyze your own software supply chain.