Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Current model has no Policy/Compliance/Governance module #72

Open
kurktchiev opened this issue Oct 30, 2023 · 0 comments
Open

Current model has no Policy/Compliance/Governance module #72

kurktchiev opened this issue Oct 30, 2023 · 0 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@kurktchiev
Copy link

One of the core components of any platform is ultimately answering: how does any/all of this fit into an organization's overall security posture. Especially these days with everyone marching, in some way shape or form, towards ZTA, I think having the built in tooling to help enable that and even better accelerate it, is extremely important.

As the current model stands it does not incorporate any tooling around this. I believe there should be some thinking put into what should be added in. From the CNCF side OPA and Kyverno are in play. Both have their merits and shortcomings, however, I think it would benefit the project and the overall movement if there is some discussion on the topic. Being able to say things like: you get NIST 800-53 out of the box, or PCI, or insert any of the industry standards we all have to one way or another find a way to adhere to, is going to be just as important as being able to spin up a platform I can build on top of.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kurktchiev @nabuskey