Contains many Cloud.gov-specific narratives #3

Open
clhynfield opened this issue Jul 26, 2017 · 5 comments

Comments

@clhynfield

clhynfield commented Jul 26, 2017

While the project title, description, and Readme all imply that this project applies to Cloud Foundry broadly, half of its components make explicit reference to the Cloud.gov-specific instance of Cloud Foundry. Some of these references aren't even applicable to plain, open source Cloud Foundry, e.g. UAA satisfies standard NIST-800-53, control key AC-7:

  - text: "#### a  \nCloud.gov displays banner on the cloud.gov login page\n  \n####
      b  \nThe banner displays on the login page until the user is logged in\n  \n####
      c  \nThe banner displays all requirements"

If product management agrees, I'll be happy to work up a pull request that replaces all cloud.gov references, to the best of my ability:

  • replacing them with "Cloud Foundry" where the narrative has an OSS equivalent
  • removing ones that are narratives exclusive to cloud.gov

I expect there to be some back-and-forth, as I'm completely unfamiliar with Cloud.gov.

Thanks!

@clhynfield
Author

So, @geramirez, @afeld, and @dlapiduz – you are the three contributors to this project. If I were to submit a cloud.gov-scrubbing PR, would you be the ones to review and approve/reject? Thanks!

@openprivacy
Member

We're starting with this, replaced (locally) cloud.gov with our system name, but would really like to see a templated system with e.g. {% PROJECT_NAME %} etc. in the text so it could be picked up and used by most anyone. Not sure the best mechanism to do this...

We're planning on using OpenControl and build directly on AWS, but inherit e.g. FedRAMP controls from https://github.com/opencontrol/FedRAMP-Certifications with default templated text. Eventually we'll need to do the same for applications like MySQL, Apache, etc.

@dlapiduz
Contributor

@clhynfield I believe that cloud.gov is not using this repo anymore and it is using https://github.com/18F/cg-compliance instead.

If you want to submit the PR I think we can take it, @mogul @brittag can you 👍 ?

@clhynfield
Author

Thanks for chiming in so quickly, @dlapiduz!

@openprivacy: good to hear. As elsewhere in software engineering, I'd look to use composition to bring components from cf-compliance and other projects into my own independent, composable projects. I haven't looked deep into how to make that happen with Compliance Masonry, but if the community agrees, maybe it's at least an ideal we can iterate toward.

@brittag
Member

brittag commented Jul 26, 2017

Hi everyone! That's correct, cloud.gov is not using this cf-compliance repository. Glad to have this ping though - I'm interested to watch this repo and learn from changes here.
