FINOS Common Cloud Controls (FINOS CCC) is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services (FS) sector.
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
-
Browse Online: The ccc.finos.org website contains much of the resources of the CCC project in an easily browseable form including:
- In progress and published control catalogs for common cloud services
- Work in progress results of Compliant Financial Infrastructure test runs against those catalogs.
- Videos and presentations from OSFF Events.
- A CCC Primer Presentation
-
For controls development: Download the latest release PDF or Markdown for your target service, and use that as the basis for developing a control catalog for your specific organization or use case
-
For automation development: Open source validators are currently being developed by the Compliant Financial Infrastructure project.
There are several ways to contribute to FINOS Common Cloud Controls.
FINOS CCC is maintained and run through GitHub.
- Check the issues to see if there's anything you'd like to work on.
- reference-id: CCC follows an iterative process, so you can suggest changes to the standard at any time. Simply Raise a GitHub Issue to ask questions or make suggestions.
- If you see something in the repo that you'd like to improve, Pull Requests are always welcome - the main branch of the repo is considered an iterative development branch.
The CCC project is currently split into 6 working groups as follows:
- Communications / All Hands: Focused on the overall project communications and community engagement.
- Security - Working to specify the security controls and threats that will be covered by the standard.
- Taxonomy - Focused on defining the taxonomy of cloud services that will be covered by the standard.
- Compliant Financial Infrastructure - Focused on delivery of actual implementations of cloud infrastructure meeting CCC standards.
Work is done in the open, with all meetings and decisions documented in the project GitHub repository. Working groups meet on a fortnightly basis:
| Working Group | When | Chair | Mailing List |
|---|---|---|---|
| Security | - async - | @mlysaght2017 | ccc-security |
| Communications / All Hands | 5PM UK, alternate Thursdays | ccc-communications | |
| Taxonomy | 4:30PM UK, alternate Thursdays | @smendis-scottlogic | ccc-taxonomy |
| Compliant Financial Infrastructure | 10AM UK on Thursday / 4PM UK on 4th Thursday each month | @eddie-knight | cfi |
Find the next meeting on the FINOS Community Calendar and browse Past Meeting Minutes in GitHub.
FINOS CCC communications are conducted through the ccc-participants@lists.finos.org mailing list. Simply email [ccc-participants+subscribe@lists.finos.org](mailto: ccc-participants+subscribe@lists.finos.org) to join.
All FINOS CCC participants are required to sign a FINOS Community Specification Contributor License Agreement before joining project calls and collaborating in working groups.
Raising a Pull Request to include your information on participants.yaml will automatically take you through the Linux Foundation EasyCLA process for signing the FINOS CSCLA.
Email help@finos.org if you require further help.
Participants of FINOS standards projects should follow the FINOS Code of Conduct, which can be found at: https://community.finos.org/docs/governance/code-of-conduct
The CCC Steering Committee is the governing body of the CCC project, providing decision-making and oversight pertaining to the CCC project bylaws, sub-organizations, and financial planning. The Steering Committee also defines the project values and structure. Documented here.
| Name | Representing | Seat |
|---|---|---|
| Jon Meadows | Citi | FSI |
| Oli Bage | LSEG | FSI |
| Simon Zhang | BMO | FSI |
| Vladimir Rabotka | Morgan Stanley | FSI |
| Robert Griffiths | Scott Logic | Community |
| Eddie Knight | Sonatype | Community |
| Aric Rosenbaum | Red Hat | Community |
@robmoffat is the current FINOS Point of Contact for the CCC project.
This project uses the Community Specification License 1.0; you can read more in the LICENSE file.
The source code included in this repository is subject to the Apache-2.0 License.