==========
Compliance
==========

An OpenStack deployment may require compliance activities for many
purposes, such as regulatory and legal requirements, customer need,
privacy considerations, and security best practices. The Compliance
function is important for the business and its customers. Compliance
means adhering to regulations, specifications, standards and laws. It is
also used when describing an organization's status regarding assessments,
audits, and certifications. Compliance, when done correctly, unifies and
strengthens the other security topics discussed in this guide.

This chapter has several objectives:

- Review common security principles.

- Discuss common control frameworks and certification resources to
  achieve industry certifications or regulator attestations.

- Act as a reference for auditors when evaluating OpenStack
  deployments.

- Introduce privacy considerations specific to OpenStack and cloud
  environments.

.. toctree::
   :maxdepth: 2

   compliance/overview.rst
   compliance/understanding-the-audit-process.rst
   compliance/compliance-activities.rst
   compliance/certification-and-compliance-statements.rst
   compliance/privacy.rst

.. case-studies/compliance-case-studies.rst