/compliant-financial-infrastructure

Compliant Financial Infrastructure accelerates the development, deployment and adoption of cloud services in a way that adheres to common security and regulatory controls.

OtherNOASSERTION

FINOS - Incubating CII Best Practices

Compliant Financial Infrastructure

Compliant Financial Infrastructure (CFI) seeks to accelerate the development, deployment and adoption of services provided for infrastructure in a way that complies with common regulatory and internal security controls.

Objectives

The CFI community collaboratively maintains a series of standalone resources that fall into two categories:

  1. Infrastructure as Code modules
  2. Compliance Validation Plugins

Each resource maintained by the community are designed according to the controls produced by the Common Cloud Controls (CCC) project.

Ways of Working

All outputs should be independently version controlled in standalone repositories. For example, one repo might exist for each OpenTofu/Terraform child module. Similarly, a separate repo might exist for every Privateer Raid validator plugin.

Prior to completion, it is expected that development takes place in a code repository that is managed by the contributor (personal or organization). When the contribution is feature complete, the CFI community will review the contribution for acceptance into the FINOS namespace.

Contributors should collaborate openly with the community to avoid duplication of effort, such as two teams independently developing a validator for the same cloud service or controls.

If desired, the contributing team may retain their attribution on the repository's README for as long as they are leading the maintenance and updates of the resource.

Join the Community!

The CFI community has a monthly call where we synchronize our efforts and share lessons learned. Join us through the FINOS Calendar on the second Wednesday of every month.

You can also join us on Slack!

For more information about how to engage with the rest of the community and contribute to the project, view the documentation and links here.

Please feel free to request changes via GitHub Issues.

Thank you to our contributors!

Security Concerns

If you have any security concerns related to this project, please create an issue on this repository or create an issue on the repository associated with your concern.