[open-regulatory-compliance] Managing compliance and cybersecurity "as c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[open-regulatory-compliance] Managing compliance and cybersecurity "as code"

From: Henry Haverinen <henry.haverinen@xxxxxxxxxxxxx>
Date: Wed, 29 Jan 2025 21:15:50 +0000
Accept-language: en-GB, fi-FI, en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cyberismo.com; dmarc=pass action=none header.from=cyberismo.com; dkim=pass header.d=cyberismo.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SSWjqtwmsu8tHffcYOppWtXkfb2LGI8zyRyEzZay3iw=; b=KkHHCHfuG7T1wosA2ZPK9kBUxdfZsVntixhkM0VmJqDmB7/0EJJYG0R1fgYJGbuAIsz7+SH/sYA1T59wNDX6GIRRphRZfRDyuwVRK6GDIxTZUZA/vQ133QFlJq/bFHILlDUtLKgil5ZkAJu0PaEoWYB3pMwLUi5SdJRegc8BIz5yCdtyiBUiu/kBtlrqthaOogOxb0fSuTuwbqQ1AQdDIfA117P4FFg6GIQWKivrYkk/GdkK+/Dg4wL4W6N8hI1unKBMecSQZfvFXSaifpNa2LZZfEkSRE6mm8jq/tcA6z7HTCnjCRiOWGq/TUBqd3Qhim9r6vODMwCUao+S43UdHg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=N/T6GecG31YoPKBIWapoHrIL3CcD/W6DX+U7eBo+MIRokE37KEKNFqgXwvAKSmNdmD8VVbNX7mRippxl7tz18gh60Pdb9Ltray0st0XxIkQ8XM771fz8ItDqU80W1RQDyCHyx4SIJYhbfRlpGs04PQAU41iPJ27pLsvTtGfXkitBJQ8HLgI46pQNtaF4PJn3uO67B/7b4wyJQXo+noW444HbpQryiUWLD9iA2XiNkQt8g08dIOeeE/WczALGwYV9IRUyPNqyBxKvvqYrPlmLT5xp6qq1R4pAUHbwqPtW6XU3lscapa5Plz5MODVsm3y9M8aRTMEvAFWLV8ILFujhlg==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHbco+5PWSnUYnrZ0iL0coAwkr6Xg==
Thread-topic: Managing compliance and cybersecurity "as code"

Hi everyone,

I have a special interest in representing compliance documentation and cybersecurity management with a plain text format so that it can be managed similarly as code. I believe this route could be helpful in making this whole thing more concrete and tangible, and enabling us to automate more things, which would be especially great for manufacturers and single-vendors FOSS projects that must meet all the CRA requirements.

I gave two talks about these topics at OCX 2024. Our company Cyberismo has been working on an open-source solution in this space, and we’re working on both the tooling and some open content for cybersecurity management. See https://cyberismo.com/solution for info and links, including a presentation from OCX.

Besides Cyberismo, there are also other security-as-code solutions that are worth checking out, such as NIST OSCAL and Open Policy Agent.

I’m looking forward to meeting you guys at the ORG WG workshop tomorrow, and if there are other people interested in security as code, then please reach out and let’s talk! I’ll be wearing a bright orange hoodie. My plan is to join the sessions about the Deliverables Plan and the CRA Compliance Guide.

Cheers,

Henry

Prev by Date: [open-regulatory-compliance] Please provide updates from Brussels
Next by Date: [open-regulatory-compliance] Cyber Resilience SIG meeting agenda 2025.02.03
Previous by thread: [open-regulatory-compliance] Please provide updates from Brussels
Next by thread: [open-regulatory-compliance] Cyber Resilience SIG meeting agenda 2025.02.03
Index(es):
- Date
- Thread

Breadcrumbs