[Proposal] White Paper Compliance Use Cases #1436
Comments
I have reviewed and think it has important points. Since it notes that the top breach vectors are credential-related, I would suggest reviewing with relevant CNCF projects; having them contribute examples of how these are mitigated would underline the CNCF contributions to solving these challenges. For example Keycloak, OPA, Cloud Custodian, cert-manager, many others... And given that it has a lot of content on data breaches in particular, maybe some of the more data lifecycle projects are relevant and could chime in with examples/best practices, e.g. etcd, TiKV, Rook, Kubeflow, many others...
I believe several participants have reviewed the paper. I would definitely like to see some of the above examples presented at the GRC WG calls and can help coordinate! Overall, huge +1 to moving forward!
Updated paper to business-narrative style; updated action list above.
Hey @hubbertsmith, thanks for the update. Who else from the STAG has been collaborating on this? I also noticed that the document is private right now.
Brandt Keller.
I wasn't aware it was set to private.
Did you make it public or do I need to?
On Wed, Mar 5, 2025, 4:56 PM Eddie Knight ***@***.***> wrote:
> Hey @hubbertsmith, thanks for the update. Who else from the STAG has been collaborating on this?
> I also noticed that the document is private right now.
I don't recall who owns it 🤔 I've just requested access.
Description: Compliance Use Cases Whitepaper
Impact: This helps developers of compliance-related software understand how the code they develop will be used, by various personas.
This helps adopters of compliance-related software understand the roles and responsibilities of the various personas.
Scope: https://docs.google.com/document/d/1N94oaZi_34e1hnafv0GNA4CEgbCT5PigkDDNRmGx9_U/edit?tab=t.0
To do:
[x] add more authors - done: Scott Peiffer, George Apostol
[ ] conduct reviews and edits required by Security TAG
Intent to lead:
The Compliance GRC group has expressed interest in pursuing this work.
Proposal to Project:
[x] Added to the planned meeting template
This work was done within the Compliance WG; we used the compliance standing meeting for reviews
https://docs.google.com/document/d/1z9xvt-Z97j4CtEH1-nR9sMWul7jQkUi_fNY7BdMPgxM/edit?tab=t.0#heading=h.3ypqt0obu6uy
[x] Raised in a Security TAG meeting to determine interest - Jan 2025, Brandt Keller
[x] Collaborators comment on issue to determine interest and nominate project
Anca Sailor (IBM) requested, Robert Ficcaglia endorsed - Hubbert Smith volunteered to write and drive reviews
[x] Scope determined via meeting mm dd and/or shared document add link -- scope clarified in version 09
https://docs.google.com/document/d/1l_4HHtYVXG2dG5Y1WRzmMrdt_IcTqMHPL8u6ZQ1Zc9A
see sections 1.1.3 and 1.1.4
Scope presented to Security TAG leadership and Sponsor is assigned
TO DO
https://docs.google.com/document/d/1l_4HHtYVXG2dG5Y1WRzmMrdt_IcTqMHPL8u6ZQ1Zc9A/edit?tab=t.0#heading=h.ke940juqroxs