{"id":1917,"date":"2026-01-30T11:03:30","date_gmt":"2026-01-30T10:03:30","guid":{"rendered":"https:\/\/regulated-devsecops.com\/uncategorized\/comparacion-de-arquitecturas-nis2-vs-dora\/"},"modified":"2026-03-26T09:36:26","modified_gmt":"2026-03-26T08:36:26","slug":"comparacion-de-arquitecturas-nis2-vs-dora","status":"publish","type":"post","link":"https:\/\/regulated-devsecops.com\/es\/regulatory-frameworks-es\/comparacion-de-arquitecturas-nis2-vs-dora\/","title":{"rendered":"Comparaci\u00f3n de Arquitecturas NIS2 vs DORA"},"content":{"rendered":"\n<p><strong>How Regulatory Objectives Shape Security and CI\/CD Design<\/strong><\/p>\n\n<p>NIS2 and DORA are often mentioned together, but they are <strong>not interchangeable<\/strong>. While both regulations focus on cybersecurity and operational resilience, they differ significantly in <strong>scope, regulatory intent, and architectural implications<\/strong>.<\/p>\n\n<p>This article compares <strong>NIS2 vs DORA through an architectural lens<\/strong>, highlighting how governance, CI\/CD pipelines, and operational controls are structured differently under each framework.<\/p>\n\n<!-- GeneratePress Inline SVG \u2013 Regulated DevSecOps -->\n<figure class=\"gp-rds-diagram\">\n<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 1200 420\" role=\"img\" aria-labelledby=\"title desc\">\n\n  <title id=\"title\">NIS2 vs DORA Architecture Comparison<\/title>\n  <desc id=\"desc\">\n    Visual comparison of NIS2 and DORA architectures showing governance,\n    CI\/CD positioning, evidence expectations, and operational focus.\n  <\/desc>\n\n  <style>\n    :root{\n      --bg:transparent;\n      --text:#0f172a;\n      --muted:#475569;\n      --stroke:#cbd5e1;\n      --card:#ffffff;\n      --accent:#2563eb;\n      --accentSoft:#dbeafe;\n      --accent2:#7c3aed;\n      --accentSoft2:#ede9fe;\n    }\n    .txt{font-family:ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto,Arial;}\n    .title{font-weight:700;font-size:22px;fill:var(--text);}\n    .sub{font-size:14px;fill:var(--muted);}\n    .label{font-weight:600;font-size:14px;fill:var(--text);}\n    .small{font-size:12px;fill:var(--muted);}\n\n    .card{fill:var(--card);stroke:var(--stroke);stroke-width:1.5;rx:14;}\n    .chip{fill:transparent;stroke:var(--stroke);stroke-width:1.5;rx:6;}\n    .chipText{font-weight:600;font-size:12px;fill:var(--text);}\n\n    .nis2 .card{stroke:var(--accent);}\n    .nis2 .chip{stroke:var(--accent);fill:var(--accentSoft);}\n\n    .dora .card{stroke:var(--accent2);}\n    .dora .chip{stroke:var(--accent2);fill:var(--accentSoft2);}\n\n    .divider{stroke:var(--stroke);stroke-width:2;stroke-dasharray:6 6;}\n  <\/style>\n\n  <!-- Header -->\n  <text class=\"txt title\" x=\"40\" y=\"42\">NIS2 vs DORA \u2014 Architecture Comparison<\/text>\n  <text class=\"txt sub\" x=\"40\" y=\"68\">\n    Governance \u2022 CI\/CD role \u2022 Evidence \u2022 Operational focus\n  <\/text>\n\n  <!-- Divider -->\n  <line class=\"divider\" x1=\"600\" y1=\"90\" x2=\"600\" y2=\"400\"><\/line>\n\n  <!-- NIS2 Column -->\n  <g class=\"nis2\" transform=\"translate(40,100)\">\n    <text class=\"txt label\" x=\"0\" y=\"0\">NIS2 Architecture<\/text>\n    <text class=\"txt small\" x=\"0\" y=\"20\">Cybersecurity baseline &#038; risk management<\/text>\n\n    <g transform=\"translate(0,40)\">\n      <rect class=\"card\" width=\"500\" height=\"240\"><\/rect>\n      <text class=\"txt label\" x=\"18\" y=\"34\">Governance &#038; Risk Management<\/text>\n      <text class=\"txt small\" x=\"18\" y=\"56\">Organisational &#038; technical measures<\/text>\n\n      <g transform=\"translate(18,80)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          Cyber risk assessment &#038; policies\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,114)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          Secure SDLC &#038; supply chain controls\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,148)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          CI\/CD as security enforcement support\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,182)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          Incident detection &#038; response readiness\n        <\/text>\n      <\/g>\n    <\/g>\n  <\/g>\n\n  <!-- DORA Column -->\n  <g class=\"dora\" transform=\"translate(660,100)\">\n    <text class=\"txt label\" x=\"0\" y=\"0\">DORA Architecture<\/text>\n    <text class=\"txt small\" x=\"0\" y=\"20\">Operational resilience &#038; ICT control<\/text>\n\n    <g transform=\"translate(0,40)\">\n      <rect class=\"card\" width=\"500\" height=\"240\"><\/rect>\n      <text class=\"txt label\" x=\"18\" y=\"34\">ICT Governance &#038; Resilience<\/text>\n      <text class=\"txt small\" x=\"18\" y=\"56\">Financial sector requirements<\/text>\n\n      <g transform=\"translate(18,80)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          ICT risk management &#038; ownership\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,114)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          CI\/CD as regulated ICT system\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,148)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          Continuous evidence &#038; traceability\n        <\/text>\n      <\/g>\n      <g transform=\"translate(18,182)\">\n        <rect class=\"chip\" width=\"460\" height=\"28\"><\/rect>\n        <text class=\"txt chipText\" x=\"230\" y=\"19\" text-anchor=\"middle\">\n          Operational resilience &#038; recovery\n        <\/text>\n      <\/g>\n    <\/g>\n  <\/g>\n\n<\/svg>\n\n  <figcaption class=\"gp-rds-caption\">\n    Comparison of NIS2 and DORA architectures showing governance,\n    CI\/CD positioning, evidence expectations, and operational focus.\n  <\/figcaption>\n<\/figure>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Regulatory Scope and Intent<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2: Broad Cybersecurity Baseline<\/strong><\/h3>\n\n<p>NIS2 establishes a <strong>horizontal cybersecurity baseline<\/strong> across a wide range of essential and important entities, including public sector organizations, energy, transport, healthcare, digital infrastructure, and large enterprises.<\/p>\n\n<p>Architectural implication:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>focus on <strong>risk management and preparedness<\/strong><\/li>\n\n\n\n<li>flexibility in technical implementation<\/li>\n\n\n\n<li>emphasis on proportionality<\/li>\n<\/ul>\n\n<p>NIS2 asks:<\/p>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cAre cybersecurity risks identified, managed, and addressed across the organization?\u201d<\/em><\/p>\n<\/blockquote>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA: Financial Sector Operational Resilience<\/strong><\/h3>\n\n<p>DORA is a <strong>sector-specific regulation<\/strong> targeting financial entities and their ICT service providers. It focuses on <strong>operational resilience<\/strong>, ICT risk management, and supervisory oversight.<\/p>\n\n<p>Architectural implication:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD and ICT systems treated as <strong>regulated assets<\/strong><\/li>\n\n\n\n<li>stronger enforcement and traceability expectations<\/li>\n\n\n\n<li>tighter supervisory scrutiny<\/li>\n<\/ul>\n\n<p>DORA asks:<\/p>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cCan you continuously demonstrate ICT risk control and resilience?\u201d<\/em><\/p>\n<\/blockquote>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Architectural Positioning of CI\/CD Pipelines<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2 Architecture Perspective<\/strong><\/h3>\n\n<p>Under NIS2, CI\/CD pipelines are part of the <strong>secure development and supply chain ecosystem<\/strong>.<\/p>\n\n<p>Architectural characteristics:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD enforces secure SDLC practices<\/li>\n\n\n\n<li>dependency and supply chain risks addressed<\/li>\n\n\n\n<li>governance focuses on ownership and oversight<\/li>\n<\/ul>\n\n<p>CI\/CD pipelines support compliance but are <strong>not always explicitly classified as regulated systems<\/strong>.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA Architecture Perspective<\/strong><\/h3>\n\n<p>Under DORA, CI\/CD pipelines are treated as <strong>regulated ICT systems<\/strong>.<\/p>\n\n<p>Architectural characteristics:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD enforces change management and segregation of duties<\/li>\n\n\n\n<li>all production changes must flow through pipelines<\/li>\n\n\n\n<li>pipelines generate continuous audit evidence<\/li>\n<\/ul>\n\n<p>CI\/CD becomes a <strong>control enforcement layer<\/strong>, not just a delivery mechanism.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Governance and Risk Management Layer<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2 Governance Model<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>cybersecurity risk management<\/li>\n\n\n\n<li>organizational and technical measures<\/li>\n\n\n\n<li>executive accountability<\/li>\n\n\n\n<li>supplier risk management<\/li>\n<\/ul>\n\n<p>Architecture supports <strong>governance decisions<\/strong>, but technical enforcement may vary.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA Governance Model<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>formal ICT risk management framework<\/li>\n\n\n\n<li>explicit inclusion of CI\/CD in risk scope<\/li>\n\n\n\n<li>strict ownership and accountability<\/li>\n\n\n\n<li>strong linkage between governance and technical controls<\/li>\n<\/ul>\n\n<p>Architecture ensures <strong>governance is enforced technically<\/strong>.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Evidence and Auditability<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2 Evidence Expectations<\/strong><\/h3>\n\n<p>NIS2 requires organizations to demonstrate:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>risk assessments<\/li>\n\n\n\n<li>implemented security measures<\/li>\n\n\n\n<li>incident handling capability<\/li>\n<\/ul>\n\n<p>Evidence may include:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>policies and procedures<\/li>\n\n\n\n<li>logs and monitoring records<\/li>\n\n\n\n<li>incident reports<\/li>\n<\/ul>\n\n<p>Evidence is often <strong>contextual and proportional<\/strong>.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA Evidence Expectations<\/strong><\/h3>\n\n<p>DORA requires:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>continuous, system-generated evidence<\/strong><\/li>\n\n\n\n<li>traceability across the full ICT lifecycle<\/li>\n\n\n\n<li>reproducible audit trails<\/li>\n<\/ul>\n\n<p>Evidence is expected to be:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>centralized<\/li>\n\n\n\n<li>retained<\/li>\n\n\n\n<li>demonstrable on demand<\/li>\n<\/ul>\n\n<p>Architecture must support <strong>continuous compliance<\/strong>, not point-in-time audits.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Supply Chain and Third-Party Risk<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2 Supply Chain Architecture<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>supplier governance and risk assessment<\/li>\n\n\n\n<li>proportional controls based on criticality<\/li>\n\n\n\n<li>focus on preparedness and coordination<\/li>\n<\/ul>\n\n<p>CI\/CD supports:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>dependency visibility<\/li>\n\n\n\n<li>supplier risk mitigation<\/li>\n<\/ul>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA Supply Chain Architecture<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>ICT third-party risk management integrated into ICT governance<\/li>\n\n\n\n<li>strong focus on critical ICT providers<\/li>\n\n\n\n<li>alignment with financial supervisory expectations<\/li>\n<\/ul>\n\n<p>CI\/CD supports:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>artifact integrity<\/li>\n\n\n\n<li>provenance<\/li>\n\n\n\n<li>controlled supplier access<\/li>\n<\/ul>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Incident Response and Operational Resilience<\/strong><\/h2>\n\n<h3 class=\"wp-block-heading\"><strong>NIS2 Architecture<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>incident detection and response<\/li>\n\n\n\n<li>coordination with authorities<\/li>\n\n\n\n<li>focus on service continuity<\/li>\n<\/ul>\n\n<p>Architecture supports <strong>preparedness and responsiveness<\/strong>.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h3 class=\"wp-block-heading\"><strong>DORA Architecture<\/strong><\/h3>\n\n<ul class=\"wp-block-list\">\n<li>operational resilience as a core objective<\/li>\n\n\n\n<li>ICT incident management tightly integrated with governance<\/li>\n\n\n\n<li>testing and recovery capabilities emphasized<\/li>\n<\/ul>\n\n<p>Architecture supports <strong>resilience by design<\/strong>.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Side-by-Side Architectural Comparison<\/strong><\/h2>\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Dimension<\/strong><\/th><th><strong>NIS2<\/strong><\/th><th><strong>DORA<\/strong><\/th><\/tr><\/thead><tbody><tr><td>Regulatory scope<\/td><td>Cross-sector<\/td><td>Financial sector<\/td><\/tr><tr><td>CI\/CD role<\/td><td>Secure delivery support<\/td><td>Regulated ICT system<\/td><\/tr><tr><td>Governance enforcement<\/td><td>Organizational &amp; technical<\/td><td>Strongly technical<\/td><\/tr><tr><td>Evidence model<\/td><td>Proportional, contextual<\/td><td>Continuous, system-based<\/td><\/tr><tr><td>Audit intensity<\/td><td>Moderate to high<\/td><td>Very high<\/td><\/tr><tr><td>Supply chain focus<\/td><td>Broad<\/td><td>ICT-critical providers<\/td><\/tr><tr><td>Operational resilience<\/td><td>Required<\/td><td>Core objective<\/td><\/tr><\/tbody><\/table><\/figure>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Practical Takeaways for Architects and CISOs<\/strong><\/h2>\n\n<ul class=\"wp-block-list\">\n<li>NIS2 architectures prioritize <strong>risk management and preparedness<\/strong><\/li>\n\n\n\n<li>DORA architectures prioritize <strong>continuous control and evidence<\/strong><\/li>\n\n\n\n<li>CI\/CD pipelines are supportive under NIS2, <strong>central under DORA<\/strong><\/li>\n\n\n\n<li>Organizations subject to both must design <strong>DORA-grade architectures<\/strong><\/li>\n<\/ul>\n\n<p>A DORA-aligned architecture generally satisfies NIS2 expectations, but the reverse is not always true.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n<p>NIS2 and DORA share common principles but diverge significantly in architectural rigor and enforcement expectations. Understanding these differences is critical for designing compliant, resilient systems\u2014especially when CI\/CD pipelines are involved.<\/p>\n\n<p>Architectures that treat CI\/CD pipelines as enforcement and evidence-generating systems are best positioned to meet both regulatory frameworks with minimal duplication.<\/p>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n<h2 class=\"wp-block-heading\"><strong>Related Content<\/strong><\/h2>\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\/compliance\/nis2-security-architecture-explained\/\" data-type=\"post\" data-id=\"279\">NIS2 Security Architecture \u2014 Explained<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\/compliance\/dora-compliance-architecture-explained\/\" data-type=\"post\" data-id=\"277\">DORA Compliance Architecture \u2014 Explained<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\/ci-cd-security\/\" data-type=\"page\" data-id=\"11\">CI\/CD Security<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\/ci-cd-security\/continuous-compliance-via-ci-cd-pipelines\/\" data-type=\"post\" data-id=\"334\">Continuous Compliance via CI\/CD<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/regulated-devsecops.com\/compliance\/how-auditors-actually-review-ci-cd-pipelines\/\" data-type=\"post\" data-id=\"261\">How Auditors Actually Review CI\/CD Pipelines<\/a><\/strong><\/li>\n<\/ul>\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n    <section class=\"rds-author-box rds-author-box--audit\"\r\n             dir=\"ltr\" lang=\"es\"\r\n             style=\"border:1px solid rgba(100,116,139,.35);border-radius:14px;padding:16px 18px;margin:26px 0 18px;background:rgba(148,163,184,.08);\">\r\n      <strong style=\"margin:0 0 8px; font-size:14px; font-weight:700; letter-spacing:.02em;\">Contexto \u201caudit-ready\u201d<\/strong>\r\n      <p style=\"margin:0; font-size:14px; line-height:1.55;\">Contenido pensado para entornos regulados: controles antes que herramientas, enforcement en CI\/CD y evidencia por dise\u00f1o para auditor\u00edas.<\/p>\r\n      <p style=\"margin:0; font-size:14px; line-height:1.55;\">Enfoque en trazabilidad, aprobaciones, gobernanza de excepciones y retenci\u00f3n de evidencia de extremo a extremo.<\/p>\r\n      <p style=\"margin:0; font-size:14px; line-height:1.55;\">\r\n        <a href=\"https:\/\/regulated-devsecops.com\/es\/es\/about\/\">Ver la metodolog\u00eda en la p\u00e1gina About.<\/a>\r\n      <\/p>\r\n    <\/section>\r\n    \n","protected":false},"excerpt":{"rendered":"<p>Comparaci\u00f3n arquitect\u00f3nica de NIS2 y DORA: c\u00f3mo la gobernanza, los pipelines CI\/CD y los controles operacionales se estructuran de manera diferente bajo cada marco regulatorio.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[135,133,132],"tags":[],"post_folder":[],"class_list":["post-1917","post","type-post","status-publish","format-standard","hentry","category-regulatory-frameworks-es","category-cross-regulation-comparisons-es","category-ci-cd-governance-es"],"_links":{"self":[{"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/posts\/1917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/comments?post=1917"}],"version-history":[{"count":0,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/posts\/1917\/revisions"}],"wp:attachment":[{"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/media?parent=1917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/categories?post=1917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/tags?post=1917"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/regulated-devsecops.com\/es\/wp-json\/wp\/v2\/post_folder?post=1917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}