FINOS Common Cloud Controls (FINOS CCC) is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services (FS) sector.
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
Download the FINOS CCC Primer Here
CCC aims to standardize cloud security controls for the banking sector, providing a common set of controls that CSPs can implement to meet the requirements of FS firms. As multiple FS firms are involved in the project, effort is shared, the controls will be representative of the sector as a whole, and be more robust than any one firm could develop on its own.
If all FS firms specify their own cloud infrastructure requirements, CSPs will have to conform to multiple standards. CCC aims to provide a single target for CSPs to conform to.
CCC aims to reduce the burden of compliance for CSPs by providing a common definition of controls which they can adopt. As CCC controls are specified in a cloud-agostic way, CSPs can implement them in a way that is consistent with their own infrastructure, while delivering services that FS firms understand and trust.
FINOS sister project, Compliant Financial Infrastructure aims to be a downstream implementation of the CCC controls standard. In tandem with CCC, this will provide FS firms with a one-stop shop for secure cloud infrastructure deployment.
It is envisaged that eventually, CCC will offer certification for CSPs who conform to the standard.
The CCC project is in incubation at the moment but aims to deliver its first standards in 2024. The project is split into 6 working groups, each with a specific focus:
- Communications / All Hands: Focused on the overall project communications and community engagement.
- Security - Working to specify the security controls and threats that will be covered by the standard.
- Community Structure - Focused on the governance and structure of the CCC project.
- Duplication Reduction - Focused on ensuring that the CCC standard does not duplicate existing standards.
- Taxonomy - Focused on defining the taxonomy of cloud services that will be covered by the standard.
- Delivery - Focused on the delivery of the CCC standard for use downstream by FS firms and CSPs.
Work is done in the open, with all meetings and decisions documented in the project GitHub repository.
There are several ways to contribute to FINOS Common Cloud Controls.
The CCC project is split into 6 working groups in the CCC project which meet on a fortnightly basis:
| Working Group | When | Chair | Mailing List |
|---|---|---|---|
| Security | 4PM UK, 1st and 3rd Thursday each month | @mlysaght2017 | ccc-security |
| Delivery | 4:30PM UK, 1st and 3rd Thursday each month | @damienjburks | ccc-delivery |
| Communications / All Hands | 5PM UK, 1st and 3rd Thursday each month | @Alexstpierrework | ccc-communications |
| Taxonomy | 4:30PM UK, 2nd and 4th Thursday each month | @smendis-scottlogic | ccc-taxonomy |
| Community Structure | 5PM UK, 2nd and 4th Thursday each month | @sshiells-scottlogic | ccc-structure |
| Duplication Reduction | 5:30PM UK, 2nd and 4th Thursday each month | @jared-lambert | ccc-duplication |
Find the next meeting on the FINOS Community Calendar and browse Past Meeting Minutes in GitHub.
FINOS Common Cloud Controls communications are conducted through the [email protected] mailing list. Simply email [[email protected]](mailto: [email protected]) to join.
FINOS Common Cloud Controls is maintained and run through GitHub. Simply Raise a GitHub Issue to ask questions or make suggestions.
All FINOS Common Cloud Controls participants are required to sign a FINOS Community Specification Contributor License Agreement before joining project calls and collaborating in working groups.
Please visit participants.md and raise a Pull Request by adding your name, organisation and enrollment date to the markdown file.
Raising a Pull Request on participants.md will automatically take you through the Linux Foundation EasyCLA process for signing the FINOS CSCLA.
Email [email protected] if you require further help.
Participants of FINOS standards projects should follow the FINOS Code of Conduct, which can be found at: https://community.finos.org/docs/governance/code-of-conduct
The CCC Steering Committee is the governing body of the CCC project, providing decision-making and oversight pertaining to the CCC project bylaws, sub-organizations, and financial planning. The Steering Committee also defines the project values and structure. Documented here.
| Name | Representing | Seat |
|---|---|---|
| Jon Meadows | Citi | FSI |
| Oli Bage | LSEG | FSI |
| Simon Zhang | BMO | FSI |
| Paul Stevenson | Morgan Stanley | FSI |
| Robert Griffiths | Scott Logic | Community |
| Eddie Knight | Sonatype | Community |
| Adrian Hammond | Red Hat | Community |
@robmoffat is the current FINOS Point of Contact for the CCC project.
This project uses the Community Specification License 1.0; you can read more in the LICENSE file.
The source code included in this repository is subject to the Apache-2.0 License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent