{"id":29570046,"url":"https://github.com/finos/common-cloud-controls","last_synced_at":"2025-07-19T02:07:59.573Z","repository":{"id":203266509,"uuid":"671130848","full_name":"finos/common-cloud-controls","owner":"finos","description":"FINOS Common Cloud Controls","archived":false,"fork":false,"pushed_at":"2025-07-09T21:35:07.000Z","size":9596,"stargazers_count":59,"open_issues_count":31,"forks_count":59,"subscribers_count":29,"default_branch":"main","last_synced_at":"2025-07-10T07:49:53.600Z","etag":null,"topics":["banking","cloud","controls","cybersecurity","financial-services-cloud","finos","linux-foundation","standard"],"latest_commit_sha":null,"homepage":"https://ccc.finos.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/finos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":"docs/governance/community-structure.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-07-26T15:53:14.000Z","updated_at":"2025-07-09T21:35:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"16f37bd8-b03f-41d7-b3e6-7b777cd7793a","html_url":"https://github.com/finos/common-cloud-controls","commit_stats":null,"previous_names":["finos/common-cloud-controls"],"tags_count":9,"template":false,"template_full_name":"finos/standards-project-blueprint","purl":"pkg:github/finos/common-cloud-controls","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/finos%2Fcommon-cloud-controls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/finos%2Fcommon-cloud-controls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/finos%2Fcommon-cloud-controls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/finos%2Fcommon-cloud-controls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/finos","download_url":"https://codeload.github.com/finos/common-cloud-controls/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/finos%2Fcommon-cloud-controls/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265872847,"owners_count":23842256,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["banking","cloud","controls","cybersecurity","financial-services-cloud","finos","linux-foundation","standard"],"created_at":"2025-07-19T02:07:58.938Z","updated_at":"2025-07-19T02:07:59.554Z","avatar_url":"https://github.com/finos.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable MD041 --\u003e\n\n[![FINOS - Incubating](https://cdn.jsdelivr.net/gh/finos/contrib-toolbox@master/images/badge-incubating.svg)](https://finosfoundation.atlassian.net/wiki/display/FINOS/Incubating)\n\n\u003c!-- markdownlint-enable MD041 --\u003e\n\n\u003ca href=\"https://ccc.finos.org\"\u003e\u003cimg height=\"100px\" src=\"https://github.com/finos/branding/blob/master/project-logos/active-project-logos/FINOS%20Common%20Cloud%20Controls%20Logo/Horizontal/2023_FinosCCC_Horizontal.svg?raw=true\" alt=\"CCC Logo\"/\u003e\u003c/a\u003e\n\nFINOS Common Cloud Controls (FINOS CCC) is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services (FS) sector.\n\nThis standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).\n\n## How To Use It\n\n- **For controls development:** Download the latest [release PDF or Markdown](https://github.com/finos/common-cloud-controls/releases) for your target service, and use that as the basis for developing a control catalog for your specific organization or use case\n\n- **For automation development:** Download the latest [release YAML for your target service](https://github.com/finos/common-cloud-controls/releases), and build tests for each “Test Requirement,” organized according to the control they are part of. Open source validators are currently being developed by the [Compliant Financial Infrastructure](https://github.com/finos/compliant-financial-infrastructure) project.\n\n## How To Contribute\n\nThere are several ways to contribute to FINOS Common Cloud Controls.\n\n### 1. Improving CCC\n\nFINOS CCC is maintained and run through GitHub.\n\n- Check [the issues](https://github.com/finos/common-cloud-controls/issues) to see if there's anything you'd like to work on.\n- CCC follows an iterative process, so you can suggest changes to the standard at any time. Simply [Raise a GitHub Issue](https://github.com/finos/common-cloud-controls/issues/new/choose) to ask questions or make suggestions.\n- If you see something in the repo that you'd like to improve, Pull Requests are always welcome - the main branch of the repo is considered an iterative development branch.\n\n### 2. Join FINOS CCC Project Meetings\n\nThe CCC project is split into 6 working groups as follows:\n\n- **Communications / All Hands**: Focused on the overall project communications and community engagement.\n- **Security** - Working to specify the security controls and threats that will be covered by the standard.\n- **Community Structure** - Focused on the governance and structure of the CCC project.\n- **Duplication Reduction** - Focused on ensuring that the CCC standard does not duplicate existing standards.\n- **Taxonomy** - Focused on defining the taxonomy of cloud services that will be covered by the standard.\n- **Delivery** - Focused on the delivery of the CCC standard for use downstream by FS firms and CSPs.\n\nWork is done in the open, with all meetings and decisions documented in the project GitHub repository. Working groups meet on a fortnightly basis:\n\n| Working Group                                                                             | When                                       | Chair                | Mailing List                                                              |\n| ----------------------------------------------------------------------------------------- | ------------------------------------------ | -------------------- | ------------------------------------------------------------------------- |\n| [Security](/docs/governance/working-groups/security/charter.md)                           | 4PM UK, 1st and 3rd Thursday each month    | @mlysaght2017        | [ccc-security](mailto:ccc-security+subscribe@lists.finos.org)             |\n| [Delivery](/docs/governance/working-groups/delivery/charter.md)                           | 4:30PM UK, 1st and 3rd Thursday each month | @damienjburks        | [ccc-delivery](mailto:ccc-delivery+subscribe@lists.finos.org)             |\n| [Communications / All Hands](/docs/governance/working-groups/communications/charter.md)   | 5PM UK, 1st and 3rd Thursday each month    | @Alexstpierrework    | [ccc-communications](mailto:ccc-communications+subscribe@lists.finos.org) |\n| [Taxonomy](/docs/governance/working-groups/taxonomy/charter.md)                           | 4:30PM UK, 2nd and 4th Thursday each month | @smendis-scottlogic  | [ccc-taxonomy](mailto:ccc-taxonomy+subscribe@lists.finos.org)             |\n| [Community Structure](/docs/governance/working-groups/community-structure/charter.md)     | 5PM UK, 2nd and 4th Thursday each month    | @sshiells-scottlogic | [ccc-structure](mailto:ccc-structure+subscribe@lists.finos.org)           |\n| [Duplication Reduction](/docs/governance/working-groups/duplication-reduction/charter.md) | 5:30PM UK, 2nd and 4th Thursday each month | @jared-lambert       | [ccc-duplication](mailto:ccc-duplication-reduction@lists.finos.org)       |\n\nFind the next meeting on the [FINOS Community Calendar](https://finos.org/calendar) and browse [Past Meeting Minutes in GitHub](https://github.com/finos/common-cloud-controls/labels/meeting).\n\n### 3. Join the FINOS CCC Mailing Lists\n\nFINOS CCC communications are conducted through the \u003cccc-participants@lists.finos.org\u003e mailing list. Simply email [ccc-participants+subscribe@lists.finos.org](mailto: \u003cccc-participants+subscribe@lists.finos.org\u003e) to join.\n\n### FINOS CSLA Needed to Participate in CCC\n\nAll FINOS CCC participants are required to sign a FINOS [Community Specification Contributor License Agreement](https://github.com/finos/standards-project-blueprint/blob/main/governance-documents/Getting%20Started.md#best-practices) before joining project calls and collaborating in working groups.\n\nPlease visit [participants.md](participants.md) and raise a Pull Request by adding your `name`, `organisation` and `enrollment date` to the markdown file.\n\nRaising a Pull Request on [participants.md](participants.md) will automatically take you through the Linux Foundation EasyCLA process for signing the FINOS [CSCLA](https://github.com/finos/standards-project-blueprint/blob/main/governance-documents/Getting%20Started.md#best-practices).\n\nEmail \u003chelp@finos.org\u003e if you require further help.\n\n### FINOS Code of Conduct\n\nParticipants of FINOS standards projects should follow the FINOS Code of Conduct, which can be found at: \u003chttps://community.finos.org/docs/governance/code-of-conduct\u003e\n\n## Governance\n\n### FINOS CCC Steering Committee\n\nThe CCC Steering Committee is the governing body of the CCC project, providing decision-making and oversight pertaining to the CCC project bylaws, sub-organizations, and financial planning. The Steering Committee also defines the project values and structure. [Documented here](docs/governance/steering/charter.md).\n\n| Name             | Representing   | Seat      |\n| ---------------- | -------------- | --------- |\n| Jon Meadows      | Citi           | FSI       |\n| Oli Bage         | LSEG           | FSI       |\n| Simon Zhang      | BMO            | FSI       |\n| Vladimir Rabotka | Morgan Stanley | FSI       |\n| Robert Griffiths | Scott Logic    | Community |\n| Eddie Knight     | Sonatype       | Community |\n| Aric Rosenbaum   | Red Hat        | Community |\n\n@robmoffat is the current [FINOS Point of Contact](docs/governance/finos-poc.md) for the CCC project.\n\n## License\n\nThis project uses the **Community Specification License 1.0**; you can read more in the [LICENSE](LICENSE) file.\n\nThe source code included in this repository is subject to the [Apache-2.0 License](https://www.apache.org/licenses/LICENSE-2.0).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffinos%2Fcommon-cloud-controls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffinos%2Fcommon-cloud-controls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffinos%2Fcommon-cloud-controls/lists"}