Michael Lysaght
This PR is draft and is an initial proposal from Damien and myself on structure to a basic threat catalog and control catalog taxonomy in basic md format, with example...
Need to work on tests, but would like to get to initial feedback on control objectives first
## Feature Request ### Description of Problem: We currently lack a structured approach to define and differentiate the assurance levels associated with the implementation and evidencing of CCC controls. The...
## Feature Request ### Description of Problem: We need to design a comprehensive end-to-end process for assessing the security posture of generic cloud services and generating detailed reports using NIST...
## Feature Request # Description of Problem: We need to complete the definition of controls (and associated threats) for RDMS: https://github.com/finos/common-cloud-controls/tree/main/services/database/relational # Potential Solutions: Add in new controls and threats...
## Feature Request # Description of Problem: We need to complete the definition of controls (and associated threats) for VPC: https://github.com/finos/common-cloud-controls/tree/main/services/networking/vpc # Potential Solutions: Add in new controls and threats...
## Feature Request ### Description of Problem: We need to complete the definition of controls (and associated threats) for KeyMgmt: https://github.com/finos/common-cloud-controls/tree/main/services/crypto/key ### Potential Solutions: Add in new controls and threats...
@eddie-knight - added in todos as well on two threats related to KMS that are currently down as common, but may be better shifted to KMS specific threats - let...
As part of the proof of concept, this YAML structure organizes controls into an _OSCAL Profile_ in the OSCAL _Control Layer_ with respective groups based on their control families, and each control includes...