SlideShare a Scribd company logo

OpenControl Overview - Joshua McKenty

J
Julie Coonce

Joshua McKenty Talks OpenControl @ Cloud Native DC Meetup || March 8, 2016

Technology
1 of 17
Download to read offline
1© 2014 Pivotal Software, Inc. All rights reserved. 1© 2014 Pivotal Software, Inc. All rights reserved. Compliance as Code thru Continuous Authorization for A&A Joshua McKenty, Pivotal
“Bureaucracy is the art of making the possible impossible.” ~ Javier Pascal Salcedo
3© 2014 Pivotal Software, Inc. All rights reserved. What: Automated Pipelines of A&A As TDD is to Development, and DevOps is to Operations, so OpenControl is to Compliance.
4© 2014 Pivotal Software, Inc. All rights reserved. Why? Ÿ  Speed is everything –  Respond quickly to CVEs –  Respond quickly to mission requirements –  Deploy frequently to avoid “Big-Bang” risks Ÿ  Automation makes Speed possible Ÿ  (Bonus: Automation makes security BETTER!)
5© 2014 Pivotal Software, Inc. All rights reserved. How (Theory) Ÿ  Unified or parallel pipelines of code and compliance Ÿ  Pipeline requirements: –  Dependency injection –  Task reuse –  Multiple inputs, multiple outputs Ÿ  Common schema, common components Ÿ  Separation of components from system details
6© 2014 Pivotal Software, Inc. All rights reserved. How (Practice): http://open-control.org Ÿ  Schema (YAML) Ÿ  Tools (CLI and web) Ÿ  Pipelines (Concourse.ci) Ÿ  Common compliance packages (800-53, FedRAMP, etc)
7© 2014 Pivotal Software, Inc. All rights reserved. 7© 2014 Pivotal Software, Inc. All rights reserved. YAML!!!!!
9© 2014 Pivotal Software, Inc. All rights reserved. How (Practice) Ÿ  Inputs: –  Certifications –  Standards –  Component Controls –  System Details Ÿ  Outputs: –  BoE / SPP (as a .docx) –  Inventory reports (in .xsl) –  POAM details –  OpenSCAP config
10© 2014 Pivotal Software, Inc. All rights reserved. Community
11© 2014 Pivotal Software, Inc. All rights reserved.
12© 2014 Pivotal Software, Inc. All rights reserved. Schemas
13© 2014 Pivotal Software, Inc. All rights reserved.
15© 2014 Pivotal Software, Inc. All rights reserved.
16© 2014 Pivotal Software, Inc. All rights reserved. 16© Copyright 2014 Pivotal. All rights reserved. "Culture does not change because we desire to change it. Culture changes when the organization is transformed; the culture reflects the realities of people working together every day.” - Frances Hesselbein
OpenControl Overview - Joshua McKenty

Recommended

Cloud Native Future
Cloud Native FutureCloud Native Future
Cloud Native FutureJulie Coonce
 
DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?Tathagat Varma
 
Devops skills you got what it takes ?
Devops skills you got what it takes ?Devops skills you got what it takes ?
Devops skills you got what it takes ?Initcron Systems Private Limited
 
A DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCA DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCBMK Lakshminarayanan
 
DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15Edureka!
 
Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Matthew Skelton
 
Devops
DevopsDevops
DevopsFernando Ike
 
Introduction to devops - update 2017
Introduction to devops - update 2017Introduction to devops - update 2017
Introduction to devops - update 2017gjdevos
 

Recommended

Cloud Native Future
Cloud Native FutureCloud Native Future
Cloud Native FutureJulie Coonce
 
DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?DevOps: Process, Tool or Mindset?
DevOps: Process, Tool or Mindset?Tathagat Varma
 
Devops skills you got what it takes ?
Devops skills you got what it takes ?Devops skills you got what it takes ?
Devops skills you got what it takes ?Initcron Systems Private Limited
 
A DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCA DevOps Mario Developer Game Challenge with GRC
A DevOps Mario Developer Game Challenge with GRCBMK Lakshminarayanan
 
DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15DevOps-Redefining your IT Strategy-28thJan15
DevOps-Redefining your IT Strategy-28thJan15Edureka!
 
Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Death to the DevOps team - Agile Cambridge 2014
Death to the DevOps team - Agile Cambridge 2014Matthew Skelton
 
Devops
DevopsDevops
DevopsFernando Ike
 
Introduction to devops - update 2017
Introduction to devops - update 2017Introduction to devops - update 2017
Introduction to devops - update 2017gjdevos
 
DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsMd. Mazharul Anwar
 
DevOps
DevOps DevOps
DevOps Hakan Yüksel
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsJoão Miranda
 
Dev ops
Dev opsDev ops
Dev opsEslam El Husseiny
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...Edureka!
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessBMK Lakshminarayanan
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroNajib Radzuan
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsNitin Bhide
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summitChihyang Li
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps IntroductionRobert Sell
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017Giulio Vian
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016gjdevos
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...David Walker
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - AccelerateDelta-N
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityAgileSparks
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyCA Technologies
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps ToolsJagatveer Singh
 
Devops
DevopsDevops
DevopsKris Buytaert
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf
 
Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootSufyaan Kazi
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 

More Related Content

What's hot

DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsRed Gate Software
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsJoão Miranda
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...Edureka!
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessBMK Lakshminarayanan
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroNajib Radzuan
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsNitin Bhide
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summitChihyang Li
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps IntroductionRobert Sell
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017Giulio Vian
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016gjdevos
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...David Walker
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - AccelerateDelta-N
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityAgileSparks
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyCA Technologies
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps ToolsJagatveer Singh
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf
 

What's hot (20)

DevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOpsDevOps 101 - an Introduction to DevOps
DevOps 101 - an Introduction to DevOps
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
DevOps
DevOps DevOps
DevOps
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
Dev ops
Dev opsDev ops
Dev ops
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
 
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice MadnessHow to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
How to Avoid Cloud Confusion, DevOps dilemma, Microservice Madness
 
DevOps Culture & Methodology Intro
DevOps Culture & Methodology IntroDevOps Culture & Methodology Intro
DevOps Culture & Methodology Intro
 
DevOps - Understanding Core Concepts
DevOps - Understanding Core ConceptsDevOps - Understanding Core Concepts
DevOps - Understanding Core Concepts
 
DevOps 2016 summit
DevOps 2016 summitDevOps 2016 summit
DevOps 2016 summit
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps Introduction
 
DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017DevOps by examples - Continuous Lifecycle London 2017
DevOps by examples - Continuous Lifecycle London 2017
 
Introduction to devops 2016
Introduction to devops 2016Introduction to devops 2016
Introduction to devops 2016
 
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
Devops & Agility - Build the Culture, Get the Tools, Win the Day - Dundee Tec...
 
Meetup DevOps - Accelerate
Meetup DevOps - AccelerateMeetup DevOps - Accelerate
Meetup DevOps - Accelerate
 
eDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to realityeDevOps in HPSW from buzzword to reality
eDevOps in HPSW from buzzword to reality
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than Technology
 
DevOps without DevOps Tools
DevOps without DevOps ToolsDevOps without DevOps Tools
DevOps without DevOps Tools
 
Devops
DevopsDevops
Devops
 
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOpsWinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps
 

Similar to OpenControl Overview - Joshua McKenty

Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootSufyaan Kazi
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 
Removing Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsRemoving Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsMarie-Jeanne Dougados
 
2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product StrategyCollabNet
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015Pavel Bucek
 
DevOps Deconstructed
DevOps DeconstructedDevOps Deconstructed
DevOps DeconstructedJeremy Pullen
 
Il paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationIl paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationHP Enterprise Italia
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudIBM UrbanCode Products
 
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXTweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXBruno Borges
 
Linux Foundation Japan 2015
Linux Foundation Japan 2015Linux Foundation Japan 2015
Linux Foundation Japan 2015Jason Jackson
 
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...jeckels
 
Cloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCodemotion
 
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Tomek Borek
 
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - PivotalOpenStack Korea Community
 
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsGene Kim
 
Harman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationHarman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationXebia India
 
Pivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow KeynotePivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow Keynotecornelia davis
 
Oracle REST Data Services
Oracle REST Data ServicesOracle REST Data Services
Oracle REST Data ServicesChris Muir
 

Similar to OpenControl Overview - Joshua McKenty (20)

Cloud native Microservices using Spring Boot
Cloud native Microservices using Spring BootCloud native Microservices using Spring Boot
Cloud native Microservices using Spring Boot
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIs
 
Removing Barriers Between Dev and Ops
Removing Barriers Between Dev and OpsRemoving Barriers Between Dev and Ops
Removing Barriers Between Dev and Ops
 
2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy2016 Federal User Group Conference - DevOps Product Strategy
2016 Federal User Group Conference - DevOps Product Strategy
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015
 
DevOps Deconstructed
DevOps DeconstructedDevOps Deconstructed
DevOps Deconstructed
 
Il paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery AutomationIl paradigma DevOps e Continuous Delivery Automation
Il paradigma DevOps e Continuous Delivery Automation
 
Pivotal CF 소개
Pivotal CF 소개 Pivotal CF 소개
Pivotal CF 소개
 
Delivering Applications Continuously to Cloud
Delivering Applications Continuously to CloudDelivering Applications Continuously to Cloud
Delivering Applications Continuously to Cloud
 
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFXTweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
Tweet for Beer - Beertap Powered by Java Goes IoT, Cloud, and JavaFX
 
Linux Foundation Japan 2015
Linux Foundation Japan 2015Linux Foundation Japan 2015
Linux Foundation Japan 2015
 
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
The Power of Java and Oracle WebLogic Server in the Public Cloud (OpenWorld, ...
 
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracleSOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
SOA_BPM_12c_launch_event_BPM_track_proficiency_features_joost_volker_oracle
 
Cloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platformCloud Roundtable | Pivoltal: Agile platform
Cloud Roundtable | Pivoltal: Agile platform
 
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
Łukasz Romaszewski on Internet of Things Raspberry Pi and Java Embedded JavaC...
 
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
 
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
 
Harman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformationHarman deepak v - agile on steriod - dev ops led transformation
Harman deepak v - agile on steriod - dev ops led transformation
 
Pivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow KeynotePivotal Cloud Platform Roadshow Keynote
Pivotal Cloud Platform Roadshow Keynote
 
Oracle REST Data Services
Oracle REST Data ServicesOracle REST Data Services
Oracle REST Data Services
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

OpenControl Overview - Joshua McKenty

  • 1. 1© 2014 Pivotal Software, Inc. All rights reserved. 1© 2014 Pivotal Software, Inc. All rights reserved. Compliance as Code thru Continuous Authorization for A&A Joshua McKenty, Pivotal
  • 2. “Bureaucracy is the art of making the possible impossible.” ~ Javier Pascal Salcedo
  • 3. 3© 2014 Pivotal Software, Inc. All rights reserved. What: Automated Pipelines of A&A As TDD is to Development, and DevOps is to Operations, so OpenControl is to Compliance.
  • 4. 4© 2014 Pivotal Software, Inc. All rights reserved. Why? Ÿ  Speed is everything –  Respond quickly to CVEs –  Respond quickly to mission requirements –  Deploy frequently to avoid “Big-Bang” risks Ÿ  Automation makes Speed possible Ÿ  (Bonus: Automation makes security BETTER!)
  • 5. 5© 2014 Pivotal Software, Inc. All rights reserved. How (Theory) Ÿ  Unified or parallel pipelines of code and compliance Ÿ  Pipeline requirements: –  Dependency injection –  Task reuse –  Multiple inputs, multiple outputs Ÿ  Common schema, common components Ÿ  Separation of components from system details
  • 6. 6© 2014 Pivotal Software, Inc. All rights reserved. How (Practice): http://open-control.org Ÿ  Schema (YAML) Ÿ  Tools (CLI and web) Ÿ  Pipelines (Concourse.ci) Ÿ  Common compliance packages (800-53, FedRAMP, etc)
  • 7. 7© 2014 Pivotal Software, Inc. All rights reserved. 7© 2014 Pivotal Software, Inc. All rights reserved. YAML!!!!!
  • 8.
  • 9. 9© 2014 Pivotal Software, Inc. All rights reserved. How (Practice) Ÿ  Inputs: –  Certifications –  Standards –  Component Controls –  System Details Ÿ  Outputs: –  BoE / SPP (as a .docx) –  Inventory reports (in .xsl) –  POAM details –  OpenSCAP config
  • 10. 10© 2014 Pivotal Software, Inc. All rights reserved. Community
  • 11. 11© 2014 Pivotal Software, Inc. All rights reserved.
  • 12. 12© 2014 Pivotal Software, Inc. All rights reserved. Schemas
  • 13. 13© 2014 Pivotal Software, Inc. All rights reserved.
  • 14.
  • 15. 15© 2014 Pivotal Software, Inc. All rights reserved.
  • 16. 16© 2014 Pivotal Software, Inc. All rights reserved. 16© Copyright 2014 Pivotal. All rights reserved. "Culture does not change because we desire to change it. Culture changes when the organization is transformed; the culture reflects the realities of people working together every day.” - Frances Hesselbein