#compliance (2023-07)

Discuss topics related to compliance. See also #security.

2023-07-22

jonjitsu
02:54:30 PM

@jonjitsu has joined the channel

jonjitsu

Anyone have recommendations on tooling for Compliance as Code? I used Chef InSpec like 5 years ago to implement controls for AWS accounts. It was quite nice for being “compliance” oriented and using a real programming language. I’m not sure of the future of InSpec along with its licensing change. Is there something else comparable? Has compliance as code progressed at all? What resources can I consume to get ramped up on the current state of affairs? Everything I’ve found so far makes me think the whole movement died 2 years ago.

Erik Osterman (Cloud Posse)

AWS has its own solution: Security Hub and AWS Config. The “real language” part is more about implementation. There’s also a huge movement to shift this left, at the IaC layer, with tools like Checkov.

Soren Jensen

I can highly recommend Vanta.com; it’s a YC-founded company. We’ve been using it for close to a year. Took us only 3 months to get ISO27001 certified.

Erik Osterman (Cloud Posse)

The two tools that keep coming up in our talks with customers are Vanta and Wiz.io.

2023-07-24

2023-07-25

Shreyas
10:05:37 AM

@Shreyas has joined the channel
