Explore the critical aspects of policy enforcement and governance in cloud-native environments using OSCAL (Open Security Controls Assessment Language) in this 43-minute conference talk. Delve into 12 essential requirements for implementing effective policy-as-code practices in multi-cluster, multi-cloud settings. Discover how OSCAL, a NIST control assessment framework, provides standardized schemas for control catalogs, customization, and reporting. Learn about the architecture, practical implementation details, and operational strategies for managing control implementation, policy generation, and compliance reporting. Gain insights from a hands-on, live demo showcasing battle-tested use cases and techniques for achieving seamless traceability across technical configurations, organizational security standards, and external regulatory compliance requirements in highly dynamic Kubernetes and cloud-native applications.
12 Essential Requirements for Policy Enforcement and Governance with OSCAL
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
12 Essential Requirements for Policy Enforcement and Governance with OSCAL - Robert Ficcaglia
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Strategies for Cloud Security Risk Management
-
Digital Classroom - AWS Security Governance at Scale
-
Kubernetes Policy, Governance, and Compliance - A Working Group Policy Update
-
Policy-Based Governance for End-to-End Integrity Control of Policies
-
Dynamic Policy Enforcement for Microservice Environments
-
The Compliance Business Case for Kubernetes in the EU - Get Ready for EUCS
