We’re part of the Object Management Group (OMG), which has issued a Request for Proposal (RFP) to develop a standardized approach to DevSecOps integration across the enterprise. If you or your organization are interested in contributing, you can view the full RFP here:
https://www.omg.org/cgi-bin/doc.cgi?c4i/2025-3-4

Key Areas of Focus in the RFP:

• Role-based integration of DevSecOps into organizational guidance and policy
• Alignment of practices, tools, and standards across varied enterprise teams
• Compatibility across projects using different pipelines and infrastructures
• Analysis of alternatives (AoA) for toolchains and methodologies
• Maturity, reliability, and security measures for DevSecOps implementations

We’re currently working on a formal response at DIDO Solutions and are seeking constructive feedback and collaboration from the broader DevSecOps, cybersecurity, and infrastructure communities. Our goal is to shape a standard that reflects both technical realities and organizational constraints.

Attached: Requirements Overview (image)
This diagram outlines the role-based breakdown we're using as a foundation covering leadership, engineering, operations, QA, and compliance.

If you have suggestions, critiques, or want to contribute perspectives from the field, we’d love to hear from you. Please feel free to reply directly in the thread or leave comments on the google sheet. We will be converting it into a model by the end: