FINOS Common Cloud Controls (FINOS CCC) is the codename for an open standard project, originally proposed by Citi and currently incubating in FINOS, to describe consistent controls for compliant public cloud deployments in the financial services sector.
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
You can read more and register your interest on finos.org/common-cloud-controls-project.
All FINOS Common Cloud Controls participants are required to sign a FINOS Community Specification Contributor License Agreement before joining project calls and collaborating in working groups.
Please visit participants.md and raise a Pull Request by adding your name, organisation and enrollment date to the markdown file.
Raising a Pull Request on participants.md will automatically take you through the Linux Foundation EasyCLA process for signing the FINOS CSCLA.
Email help@finos.org if you require further help.
There are several ways to contribute to FINOS Common Cloud Controls.
FINOS Common Cloud Controls meets over Zoom and you can find future agendas and previous meetings below.
- FINOS Common Cloud Controls - Project All Hands - First Thursday of Each Month
- OSCAL Representation of FINOS CCC - Second Thursday of Each Month
- Engage with MITRE Threat Catalogue - Third Thursday of Each Month
- Define Cloud Services Taxonomy - Fourth Thursday of each Month
Alternatively, find the next meeting on the FINOS Community Calendar and browse Past Meeting Minutes in GitHub.
FINOS Common Cloud Controls communications are conducted through the ccc-participants@lists.finos.org mailing list. Simply email [ccc-participants+subscribe@lists.finos.org](mailto: ccc-participants+subscribe@lists.finos.org) to join.
FINOS Common Cloud Controls is maintained and run through GitHub. Simply Raise a GitHub Issue to ask questions or make suggestions.
The CCC Steering Committee is the governing body of the CCC project, providing decision-making and oversight pertaining to the CCC project bylaws, sub-organizations, and financial planning. The Steering Committee also defines the project values and structure. Documented here.
| FINOS CCC Maintainer | Representing | Seat |
|---|---|---|
| Jon Meadows | Citi | FSI |
| Oli Bage | LSEG | FSI |
| Simon Zhang | BMO | FSI |
| Paul Stevenson | Morgan Stanley | FSI |
| Robert Griffiths | Scott Logic | Community |
| Eddie Knight | Sonatype | Community |
| Adrian Hammond | Red Hat | Community |
FINOS Common Cloud Controls is maintained by FINOS members and the wider open source in finance community.
The following are the FINOS CCC maintainers, the firms they represent and the maintainer working group alignment.
| FINOS CCC Maintainer | Representing | FINOS CCC Working Group |
|---|---|---|
| Jonathan Meadows | Citi | OSCAL Representation of CCC |
| Jason Nelson | Citi | Engage with MITRE Threat Catalogue |
| Mark Rushing | Citi | Define Cloud Services Taxonomy |
| Moe Matar | Citi | Define Cloud Services Taxonomy |
| Anna Selyugina | Goldman Sachs | Engage with MITRE & Cloud Services Taxonomy |
| Paul Stevenson | Morgan Stanley | Cloud Services Taxonomy & OSCAL Representation of CCC |
| Simon Zhang | BMO | Define Cloud Services Taxonomy |
| Adrian Hammond | Red Hat | Define Cloud Services Taxonomy |
| Naseer Mohammad | Engage with MITRE Threat Catalogue | |
| Valentin Mihai | Engage with MITRE Threat Catalogue & OSCAL Representation of CCC | |
| Rachel Kim | OSCAL Representation of CCC | |
| Raj Krishnamurthy | Compliance Cow | Engage with MITRE Threat Catalogue |
| Vicente Herrera | Control Plane | Define Cloud Services Taxonomy |
| Michaela Iorga | NIST | OSCAL Representation of CCC |
This project uses the Community Specification License 1.0; you can read more in the LICENSE file.
The source code included in this repository is subject to the Apache-2.0 License.