05/02/2024 Common Cloud Controls - All Hands #170
crawfordchanel opened this issue Apr 30, 2024 · 15 comments
Assignees
Labels
Meeting Denotes a working group or project meeting

Comments

crawfordchanel commented Apr 30, 2024

Date

05/02/2024 - 12:00 PM ET / 5:00 PM UK

Untracked attendees

Meeting notices

  • FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.

  • All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.

  • FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.

  • FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

  • Convene & roll call (5mins)
  • Display FINOS Antitrust Policy summary slide
  • Review Meeting Notices (see above)
  • Approve past meeting minutes
  • New WG Charters Overview
    * Security – Michael Lysaght - Citi
    * Delivery/Release – Damien Burks - Citi
    * Community Structure – Eddie Knight/Stevie Shiells – Sonatype/Scott Logic
    * Taxonomy – Robert Griffiths - Scott Logic
    * Duplication Reduction – Jared Lambert - Microsoft
  • Threat and Control Catalogue Taxonomy Update – Michael Lysaght - Citi
  • Steering Committee Update – Jonathan Meadows/Eddie Knight
  • AOB, Q&A & Adjourn (5mins)

Zoom info

Join Zoom Meeting
https://zoom.us/j/93861901920

Meeting ID: 938 6190 1920
Passcode: 284383
Dial by your location
• +1 719 359 4580 US
• +1 253 205 0468 US
• +1 253 215 8782 US (Tacoma)
• +1 301 715 8592 US (Washington DC)
• +1 305 224 1968 US
• +1 309 205 3325 US
• +1 312 626 6799 US (Chicago)
• +1 346 248 7799 US (Houston)
• +1 360 209 5623 US
• +1 386 347 5053 US
• +1 507 473 4847 US
• +1 564 217 2000 US
• +1 646 558 8656 US (New York)
• +1 646 931 3860 US
• +1 669 444 9171 US
• +1 669 900 6833 US (San Jose)
• +1 689 278 1000 US
• 855 880 1246 US Toll-free
• 877 369 0926 US Toll-free
• +1 438 809 7799 Canada
• +1 587 328 1099 Canada
• +1 647 374 4685 Canada
• +1 647 558 0588 Canada
• +1 778 907 2071 Canada
• +1 780 666 0144 Canada
• +1 204 272 7920 Canada
• 855 703 8985 Canada Toll-free

Meeting ID: 938 6190 1920

Find your local number: https://zoom.us/u/acPjHdY2IO

@crawfordchanel crawfordchanel changed the title 05/02/2024 Common Cloud Controls Project - All Hands 05/02/2024 Common Cloud Controls Project - All Hands - DRAFT Apr 30, 2024
@crawfordchanel crawfordchanel changed the title 05/02/2024 Common Cloud Controls Project - All Hands - DRAFT 05/02/2024 Common Cloud Controls Project - All Hands May 2, 2024
@crawfordchanel crawfordchanel self-assigned this May 2, 2024
@crawfordchanel crawfordchanel added the Meeting Denotes a working group or project meeting label May 2, 2024
Roll call comments

  • @mlysaght2017 (Contributor): Michael Lysaght / Citi
  • @smendis-scottlogic (Contributor): Sonali Mendis / Scott Logic
  • @damienjburks (Contributor): Damien Burks - Citi 👋🏾
  • @caradelia: Cara Delia / Red Hat
  • @jared-lambert: Jared Lambert / Microsoft
  • @rgriffiths-scottlogic (Contributor): Robert Griffiths / Scott Logic
  • @Alexstpierrework: Alex St. Pierre / METRO Contracting
  • @robmoffat (Member): Rob Moffat / FINOS 🦈
  • @eddie-knight (Contributor): 👋 :shipit: Eddie Knight / Sonatype
  • @iMichaela (Contributor): Michaela Iorga (NIST)
  • @abdullahsaf: Abdullah Safdar / Citi
  • @psmulovics: Peter Smulovics / Morgan Stanley
  • @crawfordchanel (Contributor, Author): Chanel Crawford - Citi
  • @crawfordchanel (Contributor, Author): Sally Kumiga - Wellens - Citi

crawfordchanel commented May 7, 2024

Meeting Minutes/Summary

ML: PR #168: the OSCAL and MITRE working groups have been consolidated into a single “Security” working group.

Desired output: a threat-informed control catalog. Please read the Mission, Approach and Responsibilities sections in PR #168.

Help needed: assessment of the services in the context of OSCAL. Currently it's a little generic in terms of how that's written and probably needs to be defined.

Objective: leverage existing knowledge bases, e.g. MITRE ATT&CK.

Feedback requested: What do we want to achieve from the assessment perspective? Can it stay generic as it currently is? Please provide feedback on PR #168. Merge after feedback.

EK: After feedback is given, charters will go to SteerCo for vote. Community feedback will be accepted through May 8th EOD.

JL: When do you think we will hit a “version one” of this?

ML: Version one is dependent on the services taxonomy, threat, security, and assessment. And then, as for the date, where the open question lies is the implementation of that assessment for each of those controls and where that fits within CCC.

SM: Proposed charter template for working groups. Updates to existing charter drafts may be required before the SteerCo can approve them.

DB: PR #167: the Delivery working group will handle maintaining version control, content and release schedules, and will work closely with the Communications WG on public/community releases.

EK: Delivery WG answers questions previously posed: How are we doing releases? One release? Bulk release or all assets? How are we versioning things? How are they being released? What is our cadence? What is our structure? There is ongoing conversation around not just the design, but also on a continual basis.

EK: Community Structure WG: 165: JM provided a time box of 48 hours to provide commentary, which expired as of this call. Currently have 4 +1's and JM's −1, which is enough to get this approved. The community agreed not to wait on JM's commentary and to approve this PR for merging with the existing comments, enabling more recommendations to the other community groups.

RG: PR #161 - Taxonomy Working Group Charter

Requested: contributions from the community, as the charter is a high-level overview/DRAFT and lightweight.

Success criteria could be expanded, because right now it just says taxonomy files can be used by others:

  • Consistent meeting minutes.

  • Timely formal meetings, every two weeks.

  • Distribution/mailing lists.

The charter needs a WG lead. RG does not have the bandwidth. AS volunteered to help with the effort.

JL: PR #163 Duplication Reduction Charter: the goal here really is to investigate and explore the set of existing frameworks, taxonomies, tools, and artifacts that exist in the world and say which of these we could or should potentially be leveraging, e.g. MITRE & OSCAL.

The goal here is to effectively produce 2 assets:

  • One is a list of all the things we thought about.

  • Two is, per thing that we think is a good direction, a page on each one explaining why we chose it and the things we need to do as a CCC community to meet our goals on top of that framework.

JL: Still having trouble with CLA but actively working to resolve.

EK: SteerCo Update:

Merging of PR #168 was approved. For any recommendations about organizational workflows, how we work, etc., this WG is the place to do it.

Consensus on feedback cycles in the short term with the SteerCo more often. If there is something you want to discuss with the SteerCo, let CC know and she will add you to the meetings.

Consensus from SteerCo on creating a Communications WG. Still need draft charter and organization. Call for volunteers:

  • AS and JL volunteered to head this WG.

  • SM agreed to help with the Taxonomy Charter since AS is now working on communications.

SM: PR #169 Community Structure WG:

Requested feedback on the content and format of the charter before the next steering committee. Once approved, it will be expected that the community adheres to it.

RG: Agrees to incorporate format/verbiage into taxonomy charter.

EK: Confirmed we have one license to cover the entire repository. Until we have a project that wants to use a different repo, there is nothing to do; at that point we will cross the bridge.

SM: This charter makes the working group lead mandatory, so if they are proposing a working group, that is the only mandatory rule that is required.

Creating a child working group is covered under Community guidelines: Proposing working group.MD.

  • The first thing is to create a PR with a draft charter following the template.

  • Find the SteerCo member who can sponsor your working group; only the sponsor can present it to the SteerCo.

  • Once the SteerCo reaches a majority vote, the working group is considered active.

  • FINOS will create a mailing list for your working group, and you can communicate to that mailing list and, most importantly, advertise.

  • Member rules are defined.

  • Responsibilities are defined.

Communications: clarifies what kinds of meetings there are and what is expected in those meetings. You can specify in short what kind of formatting you prefer, and there's information on how to create the meeting this test.

They spell out all community guidelines.

Cara: TOC update: we're basically waiting on the charters. And I do need to send along another person from BMO.

And the Technical Oversight Committee is similar to a technical steering committee, and if you are interested, there will be new seats coming up because our term is expiring. And yes, if you are interested in the TOC, then feel free to reach out to myself or Colin Eberhardt from Scott Logic.

@finos/ccc-maintainers

@crawfordchanel crawfordchanel changed the title 05/02/2024 Common Cloud Controls Project - All Hands 05/02/2024 Common Cloud Controls - All Hands May 17, 2024