February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

The schedule is subject to change.
Thursday, February 2 • 2:45pm - 3:20pm
12 Essential Requirements for Policy Enforcement and Governance with OSCAL - Robert Ficcaglia, SunStone Secure, LLC

An effective policy framework provides governance capabilities to Kubernetes and cloud native applications. Policy-as-code artifacts provide visibility and drive remediation for various security and configuration aspects to help developers and operators meet their security and compliance requirements. Working with the Kubernetes Policy Workgroup, cloud providers and tool maintainers have signaled support for OSCAL. OSCAL is a NIST control assessment syntax and model framework providing a standard set of schemas for control catalogs, customization and parameterization, assessment and reporting. Using OSCAL as a model schema for control definition, we discuss the specifics of policy enforcement and management in a multi-cluster, multi-cloud environment for seamless traceability across technical configuration, organization security standards and external regulatory compliance requirements. We break down 12 specific requirements and policy-as-code practices in a highly fluid multi-cluster operating environment. Join this hands-on, live demo session to understand the battle-tested use cases, architecture, and practical implementation details, and the deployment and operational levers for managing control implementation, policy generation and assessment, and compliance reporting.

Robert Ficcaglia

CTO, SunStone Secure, LLC
Robert Ficcaglia is CTO of SunStone Secure, a virtual CISO and Compliance Advisory firm, and also serves as the Kubernetes Policy Workgroup Co-Chair, CNCF Security Technical Advisory Group (TAG) Lead Assessor, and member of the Kubernetes Security Special Interest Group (SIG-security...

Thursday February 2, 2023 2:45pm - 3:20pm PST
Room 613/614