What Is It?
FINOS Common Cloud Controls (FINOS CCC) is an open standard project that describes consistent controls for compliant public cloud deployments in the financial services (FS) sector.
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
Contributing Organisations
What are the Benefits?
💯 Defining Best Practices Around Cloud Security
CCC aims to standardize cloud security controls for the banking sector, providing a common set of controls that CSPs can implement to meet the requirements of FS firms. As multiple FS firms are involved in the project, effort is shared, the controls will be representative of the sector as a whole, and be more robust than any one firm could develop on its own.
🎯 One Target For CSPs To Conform To
If all FS firms specify their own cloud infrastructure requirements, CSPs will have to conform to multiple standards. CCC aims to provide a single target for CSPs to conform to.
🎒 Sharing The Burden Of A Common Definition
CCC aims to reduce the burden of compliance for CSPs by providing a common definition of controls which they can adopt. As CCC controls are specified in a cloud-agostic way, CSPs can implement them in a way that is consistent with their own infrastructure, while delivering services that FS firms understand and trust.
🧠A Path Towards Common Implementation
FINOS sister project, Compliant Financial Infrastructure aims to be a downstream implementation of the CCC controls standard. In tandem with CCC, this will provide FS firms with a one-stop shop for secure cloud infrastructure deployment.
🥇 A Path Towards Certification
It is envisaged that eventually, CCC will offer certification for CSPs who conform to the standard.
Learn More
Further videos on the YouTube playlist.
Releases
Common Cloud Controls is starting to release recommendations.