
eddie-knight/common-cloud-controls

 
 


FINOS - Incubating


What Is It?

FINOS Common Cloud Controls (FINOS CCC) is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services (FS) sector.

This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).

Download the FINOS CCC Primer Here

What Are The Benefits?

💯 Defining Best Practices Around Cloud Security

CCC aims to standardize cloud security controls for the banking sector, providing a common set of controls that CSPs can implement to meet the requirements of FS firms. As multiple FS firms are involved in the project, effort is shared, the controls will be representative of the sector as a whole, and be more robust than any one firm could develop on its own.

🎯 One Target For CSPs To Conform To

If all FS firms specify their own cloud infrastructure requirements, CSPs will have to conform to multiple standards. CCC aims to provide a single target for CSPs to conform to.

🎒 Sharing The Burden Of A Common Definition

CCC aims to reduce the burden of compliance for CSPs by providing a common definition of controls which they can adopt. As CCC controls are specified in a cloud-agnostic way, CSPs can implement them in a way that is consistent with their own infrastructure, while delivering services that FS firms understand and trust.

🧭 A Path Towards Common Implementation

The FINOS sister project, Compliant Financial Infrastructure, aims to be a downstream implementation of the CCC controls standard. In tandem with CCC, this will provide FS firms with a one-stop shop for secure cloud infrastructure deployment.

🥇 A Path Towards Certification

It is envisaged that eventually, CCC will offer certification for CSPs who conform to the standard.

How Does It Work?

The CCC project is in incubation at the moment but aims to deliver its first standards in 2024. The project is split into 6 working groups, each with a specific focus:

  • Communications / All Hands - Focused on the overall project communications and community engagement.
  • Security - Working to specify the security controls and threats that will be covered by the standard.
  • Community Structure - Focused on the governance and structure of the CCC project.
  • Duplication Reduction - Focused on ensuring that the CCC standard does not duplicate existing standards.
  • Taxonomy - Focused on defining the taxonomy of cloud services that will be covered by the standard.
  • Delivery - Focused on the delivery of the CCC standard for use downstream by FS firms and CSPs.

Work is done in the open, with all meetings and decisions documented in the project GitHub repository.

Get Involved with FINOS Common Cloud Controls

There are several ways to contribute to FINOS Common Cloud Controls.

1. Join FINOS CCC Project Meetings

The CCC project is split into 6 working groups, which meet on a fortnightly basis:

| Working Group | When | Chair | Mailing List |
| --- | --- | --- | --- |
| Security | 4PM UK, 1st and 3rd Thursday each month | @mlysaght2017 | ccc-security |
| Delivery | 4:30PM UK, 1st and 3rd Thursday each month | @damienjburks | ccc-delivery |
| Communications / All Hands | 5PM UK, 1st and 3rd Thursday each month | @Alexstpierrework | ccc-communications |
| Taxonomy | 4:30PM UK, 2nd and 4th Thursday each month | @smendis-scottlogic | ccc-taxonomy |
| Community Structure | 5PM UK, 2nd and 4th Thursday each month | @sshiells-scottlogic | ccc-structure |
| Duplication Reduction | 5:30PM UK, 2nd and 4th Thursday each month | @jared-lambert | ccc-duplication |

Find the next meeting on the FINOS Community Calendar and browse Past Meeting Minutes in GitHub.

2. Join the FINOS Common Cloud Controls Mailing Lists

FINOS Common Cloud Controls communications are conducted through the [email protected] mailing list. Simply email [email protected] to join.

3. Raise a FINOS Common Cloud Controls GitHub Issue

FINOS Common Cloud Controls is maintained and run through GitHub. Simply Raise a GitHub Issue to ask questions or make suggestions.

FINOS CSCLA Needed to Participate in Common Cloud Controls

All FINOS Common Cloud Controls participants are required to sign a FINOS Community Specification Contributor License Agreement before joining project calls and collaborating in working groups.

Please visit participants.md and raise a Pull Request by adding your name, organisation and enrollment date to the markdown file.

Raising a Pull Request on participants.md will automatically take you through the Linux Foundation EasyCLA process for signing the FINOS CSCLA.

Email [email protected] if you require further help.

FINOS Code of Conduct

Participants of FINOS standards projects should follow the FINOS Code of Conduct, which can be found at: https://community.finos.org/docs/governance/code-of-conduct

Governance

FINOS CCC Steering Committee

The CCC Steering Committee is the governing body of the CCC project, providing decision-making and oversight pertaining to the CCC project bylaws, sub-organizations, and financial planning. The Steering Committee also defines the project values and structure. Documented here.

| Name | Representing | Seat |
| --- | --- | --- |
| Jon Meadows | Citi | FSI |
| Oli Bage | LSEG | FSI |
| Simon Zhang | BMO | FSI |
| Vladimir Rabotka | Morgan Stanley | FSI |
| Robert Griffiths | Scott Logic | Community |
| Eddie Knight | Sonatype | Community |
| Adrian Hammond | Red Hat | Community |

@robmoffat is the current FINOS Point of Contact for the CCC project.

License

This project uses the Community Specification License 1.0; you can read more in the LICENSE file.

The source code included in this repository is subject to the Apache-2.0 License.
