Map SLSA to other frameworks/standards

Open melba-lopez opened this issue 3 years ago • 4 comments

Meeting compliance with different frameworks/regulations is top of mind for many companies. As companies start looking at what SLSA can do for them, it is unclear how it maps without dedicating time to look through all the requirements and map on their own.

Suggest having some sort of matrix to map to WhiteHouse EO, NIST SSDF, NIST C-SCRM, PCI, etc. Wording would have to be clear that it does not guarantee compliance, but can help with meeting some of the requirements imposed by these frameworks/standards/regulations.

melba-lopez avatar Mar 31 '22 16:03 melba-lopez

Hi Melba, I am currently working on mapping SLSA to multiple frameworks. I am hoping to share that with a workgroup.

jasonlutz-chainguard avatar Jun 09 '22 16:06 jasonlutz-chainguard

I had shared an initial spreadsheet with another company that could also be an artifact to help other folks do their own mapping in more detail. We can alter it in the workstream and make sure it's consumable by the majority :)

melba-lopez avatar Jun 09 '22 16:06 melba-lopez

Is there a way I can become involved in this mapping work? Has a draft been placed somewhere in a repo branch as a .md file, for example, with a pending MR?

jweisscrypto avatar Aug 08 '22 14:08 jweisscrypto

Hi @jweisscrypto!! We have this initial spreadsheet we've been working from. We haven't added columns yet for the new ones, but feel free to add a column for a spec/framework you don't see!

https://docs.google.com/spreadsheets/d/1P_xxMlyF5iPV51CqIk8_EhI57aR6wf1Gkrg8sRHBMMQ/edit#gid=0

melba-lopez avatar Aug 08 '22 15:08 melba-lopez