2025-03-01, Workshops (School of Design)
Compliance-as-code encompasses many activities, such as automating system configuration and general DevSecOps approaches. One area examined less often is how to manage the documentary artifacts associated with compliance ‘as code’, replacing Word documents and Excel spreadsheets with Markdown, YAML and JSON.
Emerging data standards such as NIST’s OSCAL facilitate this approach. The OSCAL standard has been adopted by FedRAMP, the Australian Cyber Security Centre, the Center for Internet Security and Singapore’s GovTech, among others.
OSCAL-Compass is a project by IBM Research and Red Hat that has recently become a CNCF sandbox project. It leverages NIST's OSCAL, a set of data and process standards for compliance, and provides an opinionated compliance-as-code approach to OSCAL adoption.
Today OSCAL-Compass has three key projects which work together: compliance-trestle; compliance 2 policy (c2p); and agile authoring. This workshop will demonstrate how to use these tools together to document and measure compliance controls on a Kubernetes cluster using Open Cluster Manager.
This workshop will be hands on: attendees will need a github.com account, Python installed and a Kubernetes CLI (either kubectl or oc).
Attendees will be securing their Kubernetes cluster against their ACME corp corporate standards, and using compliance-trestle to generate a report for their internal auditors.
Throughout the session the speakers will also discuss the adoption of OSCAL globally, including how Red Hat and IBM have been adopting the standard internally.
Intermediate - attendees should be familiar with the subject
Dr. Chris Butler is a Senior Principal Chief Architect in the APAC Field CTO Office at Red Hat. Chris’ focus is working with regulated clients who are building infrastructure, application and AI platforms. Chris facilitates co-innovation engagements with our clients and partners with our product engineering team. Of particular focus is how using an ‘as code’ approach hardens security and compliance.
He previously worked for AUCloud and IBM Research, and was one of the founders of the compliance-trestle project.
Chris and his peers engage with clients and partners who are stretching the boundaries of Red Hat's products. Chris is currently focused on the strategy and technology architecture enabling 'digital sovereignty' at Red Hat, including how to build xPU clouds, "sovereign" clouds and the unique requirements of governments across Asia Pacific.