© 2014 Pivotal Software, Inc. All rights reserved.
Compliance as Code thru Continuous Authorization for A&A
Joshua McKenty, Pivotal
“Bureaucracy is the art of making
the possible impossible.”
~ Javier Pascal Salcedo
What: Automated Pipelines of A&A
As TDD is to Development, and
DevOps is to Operations, so
OpenControl is to Compliance.
Why?
• Speed is everything
  – Respond quickly to CVEs
  – Respond quickly to mission requirements
  – Deploy frequently to avoid “Big-Bang” risks
• Automation makes Speed possible
• (Bonus: Automation makes security BETTER!)
How (Theory)
• Unified or parallel pipelines of code and compliance
• Pipeline requirements:
  – Dependency injection
  – Task reuse
  – Multiple inputs, multiple outputs
• Common schema, common components
• Separation of components from system details
How (Practice): http://open-control.org
• Schema (YAML)
• Tools (CLI and web)
• Pipelines (Concourse.ci)
• Common compliance packages (800-53, FedRAMP, etc)
YAML!!!!!
How (Practice)
• Inputs:
  – Certifications
  – Standards
  – Component Controls
  – System Details
• Outputs:
  – BoE / SPP (as a .docx)
  – Inventory reports (in .xsl)
  – POAM details
  – OpenSCAP config
Community
Schemas
“Culture does not change because we
desire to change it. Culture changes
when the organization is transformed;
the culture reflects the realities of
people working together every day.”
- Frances Hesselbein
OpenControl Overview - Joshua McKenty
