[open-regulatory-compliance] Managing compliance and cybersecurity "as code"

Hi everyone,


I have a special interest in representing compliance documentation and cybersecurity management in a plain text format so that it can be managed similarly to code. I believe this route could be helpful in making this whole thing more concrete and tangible, and in enabling us to automate more things, which would be especially great for manufacturers and single-vendor FOSS projects that must meet all the CRA requirements.


I gave two talks about these topics at OCX 2024. Our company Cyberismo has been working on an open-source solution in this space, and we’re working on both the tooling and some open content for cybersecurity management. See https://cyberismo.com/solution for info and links, including a presentation from OCX.


Besides Cyberismo, there are also other security-as-code solutions that are worth checking out, such as NIST OSCAL and Open Policy Agent.


I’m looking forward to meeting you guys at the ORG WG workshop tomorrow, and if there are other people interested in security as code, then please reach out and let’s talk! I’ll be wearing a bright orange hoodie. My plan is to join the sessions about the Deliverables Plan and the CRA Compliance Guide.


Cheers,

Henry
