[AM3.3: 4] Monitor automated asset creation.
The SSG guides the implementation of technology controls that provide a continuously updated view of the various network, machine, software, and related infrastructure assets being instantiated by engineering teams as part of their ALM processes. To help ensure proper coverage, the SSG works with engineering teams to understand orchestration, cloud configuration, and other self-service means of software delivery used to quickly stand-up servers, databases, networks, and entire clouds for software deployments. Monitoring the changes in application design (e.g., moving a monolithic application to microservices) is also part of this effort. This monitoring requires a specialized effort—normal system, network, and application logging and analysis won’t suffice. Success might require a multi-pronged approach, including consuming orchestration and virtualization metadata, querying cloud service provider APIs, and outside-in web crawling and scraping. As processes improve, the data will be helpful for threat modeling efforts (see [AA1.1 Perform security feature review]).