As a contributor to the Cloud Service Certification project I will convert the Cloud Security Alliance CSA_CCM_v3.0 spreadsheet to markdown and add to the CSC GitHub wiki as a new independent page

[mcleo-d]

As a contributor to the Cloud Service Certification project I will convert the Cloud Security Alliance CSA_CCM_v3.0 spreadsheet to markdown and add to the CSC GitHub wiki as a new independent page

Description of Problem:

To keep the CSC community updated on cloud controls, the Cloud Security Alliance CSA_CCM_v3.0 spreadsheet should be added to the CSC GitHub wiki.

Potential Solutions:

• Download Cloud Security Alliance CSA_CCM_v3.0 spreadsheet
  • https://downloads.cloudsecurityalliance.org/initiatives/ccm/CSA_CCM_v3.0.xlsx

• Clone the CSC wiki local - https://github.com/finos/cloud-service-certification.wiki.git
• Create a new page called "Cloud Controls Matrix Version 3.0"

• Convert the Cloud Security Alliance CSA_CCM_v3.0 spreadsheet to markdown using Pandoc.
  • https://github.com/finos/cloud-service-certification#converting-docx-to-markdown

• Add link to Cloud Security Alliance CSA_CCM_v3.0 spreadsheet to markdown
  • https://downloads.cloudsecurityalliance.org/initiatives/ccm/CSA_CCM_v3.0.xlsx
• Push new "Cloud Controls Matrix Version 3.0" page to CSC wiki

[git-hub-forwork1]

Just to be add some clarity to the purpose and intended outcome of this task. Have this spreadsheet and the included recommendations put into tasks it will make it easier to to have a framework of what controls to build for each reviewed cloud service.
The point of this project is not to duplicate another project like CSA or to create content based on generic control language non-specific to our industry requirements. The point of the project is to build the artifacts with specific controls that relate to financial industry regulations so that we can consume them, fit them to our specific organizations, and adopt cloud services more rapidly.
The difference being between just creating an implementation for the generic CSA language and this project is that this project is creating specific implementation and testing content for each cloud service rather than a generic reference implementation.

[fleadsom]

I would see the purpose of these documents is to be able to describe FDX outside of the project team e.g. within our organisations, not for the developers themselves.

• On the one hand, markdown provides a good format for developers

• On the other hand, editable files e.g. Excel will be better received by non project members.

From this perspective I would advocate keeping files in their original editable forms e.g. Excel files and to try and keep them to a minimum. Developers can create their own basic markdown for the purpose of usage instructions, but I don't think the project team need a full set of documentation in markdown form for their own purposes.

[peterrhysthomas]

I agree with @git-hub-forwork1, it looks like CSA is a potential source of requirements for this project and we don't need to replicate their content within our site. Rather we should work out a way to reference this information, probably initially by describing how we use this for requirements and then work out a mechanism to provide back reference (by tagging or something) for the specific implementation to these requirements.

[mcleo-d]

CSA documentation links have been added to PR #50 as a documentation resource for future referral if required. This issue will be resolved with PR merge.