Compliance Automated Standard Solution (COMPASS), Part 4: Topologies of Compliance Policy Administration Centers

,

In the last post of this multi-part series, we introduced methodologies and technologies for the various compliance personas to collaboratively author compliance artifacts such as regulation catalogs, baselines, profiles, system security plans, etc. These artifacts are automatically translated as code in view of supporting regulated environments enterprise-wide continuous compliance readiness processes in an automated and scalable manner. These artifacts aim to connect the regulatory and standards’ controls with the product vendors and service providers whose products are expected to adhere to those regulations and standards. The compliance as code data model we used is the NIST Open Security Controls Assessment Language (OSCAL) compliance standard framework.

Our compliance context here refers to the full spectrum of conformance from official regulatory compliance standards and laws, to internal enterprise policies and best practices for security, resiliency, and software engineering aspects.

Source de l’article sur DZONE

/par

L’assistance proposée par ANKAA PMO

ANKAA PMO présent depuis plus de 20 ans sur le marché des services IT, accompagne les DSI dans leur recherche de compétences pour des besoins de renforts en mode régie ou l’externalisation de projets.
Vous souhaitez plus d’information ? Cliquez ici


Vous aimerez peut-être aussi
Albéa digitalise la maintenance de ses sites industriels avec SAP Asset Manager
CERTFR-2019-ALE-002 : Vulnérabilités affectant l’écosystème Microsoft Exchange et Active Directory (30 janvier 2019)
Les piliers de la sécurité des API Les piliers de la sécurité des API
ExpectedConditions in Selenium
Cloud adoption – Common architectural elements
JTEKT accélère sa planification avec SAP IBP et TeamWork
UX Design Doesn’t End With Your Website
SAP accompagne la transformation du groupe Kering avec des solutions technologiques innovantes