security-doc/security-guide/source/compliance.rst

==========
Compliance
==========

An OpenStack deployment may require compliance activities for many
purposes, such as regulatory and legal requirements, customer need,
privacy considerations, and security best practices. The Compliance
function is important for the business and its customers. Compliance
means adhering to regulations, specifications, standards and laws. It is
also used when describing an organizations status regarding assessments,
audits, and certifications. Compliance, when done correctly, unifies and
strengthens the other security topics discussed in this guide.

This chapter has several objectives:

-  Review common security principles.

-  Discuss common control frameworks and certification resources to
   achieve industry certifications or regulator attestations.

-  Act as a reference for auditors when evaluating OpenStack
   deployments.

-  Introduce privacy considerations specific to OpenStack and cloud
   environments.

.. toctree::
   :maxdepth: 2

   compliance/overview.rst
   compliance/understanding-the-audit-process.rst
   compliance/compliance-activities.rst
   compliance/certification-and-compliance-statements.rst
   compliance/privacy.rst
..   case-studies/compliance-case-studies.rst