Compliant Financial Infrastructure (CFI) seeks to accelerate the development, deployment and adoption of services provided for infrastructure in a way that complies with common regulatory and internal security controls.
The CFI community collaboratively maintains a series of standalone resources that fall into two categories:
- Infrastructure as Code modules
- Compliance Validation Plugins
Each resource maintained by the community is designed according to the controls produced by the Common Cloud Controls (CCC) project.
All outputs should be independently version controlled in standalone repositories. For example, one repo might exist for each OpenTofu/Terraform child module. Similarly, a separate repo might exist for every Privateer Raid validator plugin.
Prior to completion, it is expected that development takes place in a code repository that is managed by the contributor (personal or organization). When the contribution is feature complete, the CFI community will review the contribution for acceptance into the FINOS namespace.
Contributors should collaborate openly with the community to avoid duplication of effort, such as two teams independently developing a validator for the same cloud service or controls.
If desired, the contributing team may retain their attribution on the repository's README for as long as they are leading the maintenance and updates of the resource.
The CFI community has a monthly call where we synchronize our efforts and share lessons learned. Join us through the FINOS Calendar on the second Wednesday of every month.
You can also join us on Slack!
For more information about how to engage with the rest of the community and contribute to the project, view the documentation and links here.
Please feel free to request changes via GitHub Issues.
If you have any security concerns related to this project, please create an issue on this repository or create an issue on the repository associated with your concern.