OpenStack is now a serious platform for business, with huge momentum in government and telco industries the world over. In these verticals, regulatory and security requirements are difficult to manage, and OpenStack must rise to meet compliance frameworks such as FedRAMP, ANSSI and ETSI.
In this session, we will discuss OpenStack concerns and explore the latest in compliance tooling. In the spirit of "Compliance as Code", we've completed a proof-of-concept integration of OpenControl and OpenStack. With this work we'll show how security control remediation can be layered to create meaningful security documentation, gap analysis and reporting.
In this session we explore:
- OpenControl (and Compliance Masonry) with OpenStack
- Compliance Masonry for Security Documentation
- An OpenStack FedRAMP High public sector profile
Attendees can expect to learn:
- What tooling exists to help manage compliance
- How we can treat "compliance as code"
- Which technical control groups matter in OpenStack
- How a public sector organization achieved FedRAMP High in 3 months