Compliance as Code (CAC): No-Code access has begun, but you can't play unless you share who's playing.
The world of Compliance as Code offers us all a chance to contribute, but before you can contribute, you have to identify who is contributing!
Just like you need to know your users in projects such as the OSN Skills Network, NIST's CyberSecurity community, the UCF's Roles database, Jooble, O*NET, ComplianceDictionary.com, WordNIK, etc., all allow either identified persons or identified organizations to make direct contributions to their content.
Notice that we said "identified" up there? That's because when contributing to each of these projects, the project needs to know who (person or organization) the contributor is. They can't rely on "Joe Schmoe" or "Sally Sidewalk" without knowing which Joe or Sally they are referencing.
Same thing for your organization. If you are contributing to shared content, your own organization will need to track you, too. Organization is essential to building Secure Technical Implementation Guides (STIGs) and Software IDs (SWIDs), as each organization's name is a part of the file name associated with the STIG or SWID. Having disambiguated organizations is a key security element for those files and is part of the CAC No-Code movement.
Presented on November 18 at 10:00 Am PT, was "Person and Organization Disambiguation," our third webinar series, where we discussed how each person and organization is disambiguated and how that works by giving you a no-code template to try! That way, you can fully contribute to the Compliance as Code movement! Don't be left out! Be a part of the future of compliance as code!
Here is what we will cover regarding identification:
1. How to go from a read-only User to a disambiguated Person who can contribute to content.
2. How to submit changes related to Organization or Persons and submit that back to the federated database.
If you missed the prior webinars, here are the links to the recordings so you can catch up:
September 16, 2021: Introduction to Compliance as Code
October 14, 2021: Compliance as Code Base Application Introduction
Remember to contribute and comply; you must identify!
This webinar was followed by a Zoom meeting with our CTO, Sean Kohler focused on alpha testing this MVP. The link was provided at the end of the webinar.