FINOS Common Cloud Controls has accomplished significant milestones, since its conception in mid-2023, through the collaborative efforts of the "Define Cloud Services Taxonomy", "Engage with MITRE Threat Catalog" and "OSCAL Representation of FINOS CCC" working groups.
Officially launched in October 2023 at Money 20/20, a prominent event for the financial industry in Las Vegas, the project has gained significant momentum within the FINOS and wider open source in finance industry. Further demonstrating the commitment of FINOS members and the open source community to establishing a standardized framework for common cloud controls.
In November, FINOS CCC featured highly at the FINOS Open Source in Finance Forum in New York where significant impact was achieved for the standard through executive panel discussions, breakout sessions and working examples of FINOS CCC in action. The conference provided an opportunity for FSI and Cloud Service Provider stakeholders to engage with project leads from FINOS members Citi, BMO and Google, alongside the FINOS Compliant Financial Infrastructure project who demoed the standard’s first technical implementation contributed by CFI leads from FINOS members Sonatype and Red Hat.
Collaboration with the FINOS Compliant Financial Infrastructure project in 2023 has further accelerated the FINOS CCC standard through the contribution of a “Relational Data Service” taxonomy as the first accelerator of the FINOS standard. The FINOS project partnership has enabled the creation of an industry standard reference point that allows additional services to be contributed by FINOS members and the wider open source finance community as the standard progresses within the financial services industry and into CSPs throughout 2024.
Alongside the technical achievements of FINOS Common Cloud Controls, the open standard has established strong relationships with industry bodies that will mutually benefit from the expertise and collaboration within FINOS Common Cloud Controls. Throughout 2024, FINOS CCC will build stronger ties and relationships with NIST through their OSCAL standard and MITRE through the integration and implementation of their ATT&CK Framework as the FINOS CCC standard continues to deliver.
The achievements of FINOS Common Cloud Controls in 2023 have collectively highlighted the combined abilities of FINOS members in establishing and driving momentum through the creation of a standardized taxonomy and framework for common cloud controls in the financial industry. As FINOS CCC continues to evolve throughout 2024, the collaborative power of FINOS promises to shape the industry's technological landscape and drive further advancements in the years to come.
FINOS Common Cloud Controls is an open standard that is developed under a Community Specification Licence on GitHub. The FINOS CCC project welcomes collaborators from across the financial services industry and cloud service providers and can be found here - https://github.com/finos/common-cloud-controls
Author: James McLeod, Director of Community
Interested in this FINOS open source project, or any of our other projects? Click the link below to see how to get involved in the FINOS Community.