
Cloud Native Security Controls Mapping to NIST (Phase II for #635)

Closed

Description

This project is Phase II for Issue #635 Cloud Native Security controls. This will be completed in collaboration with CCM from CSA.

Scope:

  • Mapping to existing frameworks and regulations (CSA, NIST, FedRAMP, SOX, GDPR, etc.)

  • Conversion to machine readable format (OSCAL, JSON, etc.)

  • Inclusion of tests to validate/verify (both process and technical tests as appropriate)

  • Application to security reviews to improve consistency of CNCF Security TAG reviews

This controls catalogue should also address requirements for Auditors for Cloud Native Platforms

Impact: Describe the customer impact of the problem. Who will this help? How will it help them?

Scope: How much effort will this take? OK to provide a range of options or "not yet determined" for initial proposals. Feel free to include proposed tasks below or link a Google doc.

TO DO

  • Security TAG Leadership Representative: @achetal01

  • Project leader(s): @JonZeolla

  • Project Members: [@pratiklotia] [@faisalrazzak] [@anners]

  • Fill in additional TODO items here so the project team and community can see progress!

  • Scope

  • Deliverable(s)

  • Project Schedule

  • Slack Channel (as needed) #tag-security-controls

  • Meeting Time & Day: Every other Tuesday at 2pm ET, starting 2022-05-31

Meeting Hangouts Link: (https://meet.google.com/gra-vpip-uvu)
