12 Essential Requirements for Policy Enforcement and Governance with OSCAL - Robert Ficcaglia, SunStone Secure, LLC
Abstract
An effective policy framework provides governance capabilities to Kubernetes and cloud native applications. Policy-as-code artifacts provide visibility and drive remediation for various security and configuration aspects to help Developers and Operators meet their security and compliance requirements. Working with the Kubernetes Policy Workgroup, cloud providers and tool maintainers have signaled support for OSCAL. OSCAL is a NIST control assessment syntax and model framework providing a standard set of schema for control catalogs, customization and parameterization, assessment and reporting. Using OSCAL as a model schema for control definition, we discuss the specifics of policy enforcement and management in a multi-cluster, multi-cloud environment for seamless traceability across technical configuration, organization security standards and external regulatory compliance requirements. We break down 12 specific requirements and policy-as-code practices in a highly fluid multi-cluster operating environment. Join this hands-on, live demo session to understand the battle-tested use cases, architecture, and practical implementation details, and the deployment and operational levers for managing control implementation, policy generation and assessment, and compliance reporting.