Towards Automated Continuous Security Compliance


The project ACSC (Automated Continuous Security Compliance) operates in the tension between continuous software development and the compliance of software-intensive products with security-relevant requirements. We explore the challenges and opportunities of automated security compliance activities, design and implement solutions, and evaluate them in an industrial context.

Project description

Nowadays, almost every software-intensive system must comply with requirements from security-relevant regulations and standards, such as ISO 27001 or IEC 6243. Manual compliance analysis against such requirements is resource-intensive and error-prone, and it hinders the adoption of continuous software development methods such as agile.

The inherent tension between continuous software development and reproducibly complying with security requirements is one key challenge in large-scale industrial software development. Automating security compliance activities, where possible and appropriate, therefore offers a way to ensure strong long-term competitiveness in the market.

Research contribution

fortiss analyzes the challenges of automated security compliance activities in practice. Considering the relevance of these challenges and the automation potential they bear, fortiss designs and integrates solutions in ongoing projects with relevant security requirements. In this way, the limitations of automation are explored, and specific solutions are developed and tested in practice to ensure their usefulness.


Project duration

01.09.2023 - 31.08.2026


Your contact

Florian Angermeir

+49 89 3603522 279

Project partner