Enterprise Code
Signing Policy

Enable your engineers and developers to follow best practices for compliance procedures that protect your software.

Best practices start with policy

The tools exist to quickly and easily protect code. But even the best tool is ineffective when it’s improperly used—or not used at all. Many developers are surprised to discover that software security, like signingscanning, and
SBOMs, not only guard software against malware and other threats, but also speed time-to-delivery without
hindering production or innovation. A strong software security policy helps guide CI/CD toward best practices, so the tools can protect a fast and efficient development process.

Your policy to use or adapt

This sample policy is built to run today. For most organizations, the basic principles of software protection are universal. If you need a policy that is tailored to the unique needs of your organization and development team structure, you can use this policy as a template, helping you to consider how you want to establish and enforce best practices for your CI/CD.

What’s inside:

  • Establishing code signing processes and the use of tools, including authentication and key management
  • Defining and segregating roles to facilitate management and risk management
  • Instituting proactive and reactive processes like reviews and incident response
  • Managing the usage of tools like code signing, SBOM, auditing and logging

Get the Enterprise Code Signing Policy and learn how
to enforce compliance and protect your software.

 

By supplying my personal information and clicking submit, I agree to receive communications about DigiCert products and services, and I agree to DigiCert and its affiliates processing my data in accordance with DigiCert's Privacy Policy.
Download