SlideShare a Scribd company logo

OpenControl Overview - Joshua McKenty

J
Julie Coonce

Joshua McKenty Talks OpenControl @ Cloud Native DC Meetup || March 8, 2016

Technology
1 of 17
Download to read offline
1© 2014 Pivotal Software, Inc. All rights reserved. 1© 2014 Pivotal Software, Inc. All rights reserved. Compliance as Code thru Continuous Authorization for A&A Joshua McKenty, Pivotal
“Bureaucracy is the art of making the possible impossible.” ~ Javier Pascal Salcedo
3© 2014 Pivotal Software, Inc. All rights reserved. What: Automated Pipelines of A&A As TDD is to Development, and DevOps is to Operations, so OpenControl is to Compliance.
4© 2014 Pivotal Software, Inc. All rights reserved. Why? Ÿ  Speed is everything –  Respond quickly to CVEs –  Respond quickly to mission requirements –  Deploy frequently to avoid “Big-Bang” risks Ÿ  Automation makes Speed possible Ÿ  (Bonus: Automation makes security BETTER!)
5© 2014 Pivotal Software, Inc. All rights reserved. How (Theory) Ÿ  Unified or parallel pipelines of code and compliance Ÿ  Pipeline requirements: –  Dependency injection –  Task reuse –  Multiple inputs, multiple outputs Ÿ  Common schema, common components Ÿ  Separation of components from system details
6© 2014 Pivotal Software, Inc. All rights reserved. How (Practice): http://open-control.org Ÿ  Schema (YAML) Ÿ  Tools (CLI and web) Ÿ  Pipelines (Concourse.ci) Ÿ  Common compliance packages (800-53, FedRAMP, etc)
7© 2014 Pivotal Software, Inc. All rights reserved. 7© 2014 Pivotal Software, Inc. All rights reserved. YAML!!!!!
9© 2014 Pivotal Software, Inc. All rights reserved. How (Practice) Ÿ  Inputs: –  Certifications –  Standards –  Component Controls –  System Details Ÿ  Outputs: –  BoE / SPP (as a .docx) –  Inventory reports (in .xsl) –  POAM details –  OpenSCAP config
10© 2014 Pivotal Software, Inc. All rights reserved. Community
11© 2014 Pivotal Software, Inc. All rights reserved.
12© 2014 Pivotal Software, Inc. All rights reserved. Schemas
13© 2014 Pivotal Software, Inc. All rights reserved.
15© 2014 Pivotal Software, Inc. All rights reserved.
16© 2014 Pivotal Software, Inc. All rights reserved. 16© Copyright 2014 Pivotal. All rights reserved. "Culture does not change because we desire to change it. Culture changes when the organization is transformed; the culture reflects the realities of people working together every day.” - Frances Hesselbein
OpenControl Overview - Joshua McKenty

Recommended

Cloud Native Future
Cloud Native FutureCloud Native Future
Cloud Native FutureJulie Coonce
 
DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?Tathagat Varma
 
Devops skills you got what it takes ?
Devops skills you got what it takes ?Devops skills you got what it takes ?
Devops skills you got what it takes ?Initcron Systems Private Limited
 
A DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCA DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCBMK Lakshminarayanan
 
DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15Edureka!
 
Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Matthew Skelton
 
Devops
DevopsDevops
DevopsFernando Ike
 
Introduction to devops - update 2017
Introduction to devops - update 2017Introduction to devops - update 2017
Introduction to devops - update 2017gjdevos
 

Recommended

Cloud Native Future
Cloud Native FutureCloud Native Future
Cloud Native FutureJulie Coonce
 
DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?Tathagat Varma
 
Devops skills you got what it takes ?
Devops skills you got what it takes ?Devops skills you got what it takes ?
Devops skills you got what it takes ?Initcron Systems Private Limited
 
A DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCA DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCBMK Lakshminarayanan
 
DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15Edureka!
 
Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Matthew Skelton
 
Devops
DevopsDevops
DevopsFernando Ike
 
Introduction to devops - update 2017
Introduction to devops - update 2017Introduction to devops - update 2017
Introduction to devops - update 2017gjdevos
 
DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsMd. Mazharul Anwar
 
DevOps
DevOps DevOps
DevOps Hakan Yüksel
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsJoão Miranda
 
Dev ops
Dev opsDev ops
Dev opsEslam El Husseiny
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...Edureka!
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessBMK Lakshminarayanan
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroNajib Radzuan
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsNitin Bhide
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summitChihyang Li
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps IntroductionRobert Sell
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017Giulio Vian
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016gjdevos
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...David Walker
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - AccelerateDelta-N
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityAgileSparks
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyCA Technologies
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps ToolsJagatveer Singh
 
Devops
DevopsDevops
DevopsKris Buytaert
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf
 
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootSufyaan Kazi
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 

More Related Content

What's hot

DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsJoão Miranda
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...Edureka!
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessBMK Lakshminarayanan
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroNajib Radzuan
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsNitin Bhide
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summitChihyang Li
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps IntroductionRobert Sell
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017Giulio Vian
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016gjdevos
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...David Walker
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - AccelerateDelta-N
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityAgileSparks
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyCA Technologies
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps ToolsJagatveer Singh
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf
 

What's hot (20)

DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOps
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
DevOps
DevOps DevOps
DevOps
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Dev ops
Dev opsDev ops
Dev ops
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology Intro
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core Concepts
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summit
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps Introduction
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - Accelerate
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to reality
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than Technology
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps Tools
 
Devops
DevopsDevops
Devops
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
 

Similar to OpenControl Overview - Joshua McKenty

Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootSufyaan Kazi
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 
Removing Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsRemoving Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsMarie-Jeanne Dougados
 
2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product StrategyCollabNet
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015Pavel Bucek
 
DevOps Deconstructed
DevOps DeconstructedDevOps Deconstructed
DevOps DeconstructedJeremy Pullen
 
Il paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationIl paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationHP Enterprise Italia
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudIBM UrbanCode Products
 
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXTweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXBruno Borges
 
Linux Foundation Japan 2015
Linux Foundation Japan 2015Linux Foundation Japan 2015
Linux Foundation Japan 2015Jason Jackson
 
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...jeckels
 
Cloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCodemotion
 
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Tomek Borek
 
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - PivotalOpenStack Korea Community
 
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsGene Kim
 
Harman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationHarman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationXebia India
 
Pivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow KeynotePivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow Keynotecornelia davis
 
Oracle REST Data Services
Oracle REST Data ServicesOracle REST Data Services
Oracle REST Data ServicesChris Muir
 

Similar to OpenControl Overview - Joshua McKenty (20)

Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring Boot
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIs
 
Removing Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsRemoving Barriers Between Dev and Ops
Removing Barriers Between Dev and Ops
 
2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015
 
DevOps Deconstructed
DevOps DeconstructedDevOps Deconstructed
DevOps Deconstructed
 
Il paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationIl paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery Automation
 
Pivotal CF 소개
Pivotal CF 소개 Pivotal CF 소개
Pivotal CF 소개
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to Cloud
 
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXTweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
 
Linux Foundation Japan 2015
Linux Foundation Japan 2015Linux Foundation Japan 2015
Linux Foundation Japan 2015
 
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
 
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracleSOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
 
Cloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platform
 
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
 
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
 
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
 
Harman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationHarman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformation
 
Pivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow KeynotePivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow Keynote
 
Oracle REST Data Services
Oracle REST Data ServicesOracle REST Data Services
Oracle REST Data Services
 

Recently uploaded

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

OpenControl Overview - Joshua McKenty

  • 1. 1© 2014 Pivotal Software, Inc. All rights reserved. 1© 2014 Pivotal Software, Inc. All rights reserved. Compliance as Code thru Continuous Authorization for A&A Joshua McKenty, Pivotal
  • 2. “Bureaucracy is the art of making the possible impossible.” ~ Javier Pascal Salcedo
  • 3. 3© 2014 Pivotal Software, Inc. All rights reserved. What: Automated Pipelines of A&A As TDD is to Development, and DevOps is to Operations, so OpenControl is to Compliance.
  • 4. 4© 2014 Pivotal Software, Inc. All rights reserved. Why? Ÿ  Speed is everything –  Respond quickly to CVEs –  Respond quickly to mission requirements –  Deploy frequently to avoid “Big-Bang” risks Ÿ  Automation makes Speed possible Ÿ  (Bonus: Automation makes security BETTER!)
  • 5. 5© 2014 Pivotal Software, Inc. All rights reserved. How (Theory) Ÿ  Unified or parallel pipelines of code and compliance Ÿ  Pipeline requirements: –  Dependency injection –  Task reuse –  Multiple inputs, multiple outputs Ÿ  Common schema, common components Ÿ  Separation of components from system details
  • 6. 6© 2014 Pivotal Software, Inc. All rights reserved. How (Practice): http://open-control.org Ÿ  Schema (YAML) Ÿ  Tools (CLI and web) Ÿ  Pipelines (Concourse.ci) Ÿ  Common compliance packages (800-53, FedRAMP, etc)
  • 7. 7© 2014 Pivotal Software, Inc. All rights reserved. 7© 2014 Pivotal Software, Inc. All rights reserved. YAML!!!!!
  • 8.
  • 9. 9© 2014 Pivotal Software, Inc. All rights reserved. How (Practice) Ÿ  Inputs: –  Certifications –  Standards –  Component Controls –  System Details Ÿ  Outputs: –  BoE / SPP (as a .docx) –  Inventory reports (in .xsl) –  POAM details –  OpenSCAP config
  • 10. 10© 2014 Pivotal Software, Inc. All rights reserved. Community
  • 11. 11© 2014 Pivotal Software, Inc. All rights reserved.
  • 12. 12© 2014 Pivotal Software, Inc. All rights reserved. Schemas
  • 13. 13© 2014 Pivotal Software, Inc. All rights reserved.
  • 14.
  • 15. 15© 2014 Pivotal Software, Inc. All rights reserved.
  • 16. 16© 2014 Pivotal Software, Inc. All rights reserved. 16© Copyright 2014 Pivotal. All rights reserved. "Culture does not change because we desire to change it. Culture changes when the organization is transformed; the culture reflects the realities of people working together every day.” - Frances Hesselbein