Git Product home page Git Product logo

Comments (3)

ficcaglia avatar ficcaglia commented on May 22, 2024

Just my .02, I actually think of regulatory compliance as a separate domain/concern apart from secure access or technical policy controls/features. It orchestrates and considers all the human activities surrounding and interacting with a software system.

Regulatory compliance can often be accomplished with manual human and paperwork processes (for good or ill) outside the software controls, whereas security is the interaction of various attributes and decisions concretely defined and embodied in the system architecture, design, code and behavior.

They certainly can and should reinforce each other, but I think they should be decoupled explicitly and managed separately. Put another way, I wouldn't want to design the safety and security of software with regulatory requirements as the primary goal; nor would I want to declare regulatory compliance by only mapping a set of security features/configurations to specific regulatory requirements without considering all the human workflows surrounding the system.

A mapping between security features/intents vs specific regulatory compliance requirements is a start and a helpful roadmap. My recommendation for scope would be to provide a common vocabulary of terms across various features and intents that can be cross mapped to all the many different regulatory frameworks (most of which are not container aware today!) That said HITRUST has mapped to CSA and I have done some work to map PCI and HIPAA.

from tag-security.

stale avatar stale commented on May 22, 2024

This issue has been automatically marked as inactive because it has not had recent activity.

from tag-security.

TheFoxAtWork avatar TheFoxAtWork commented on May 22, 2024

This is reflected on the Roadmap & planning FY21-22, this issue is being closed

from tag-security.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.