Prepare database/relational for Feb '25 Release Candidate #655

Open
12 tasks
mlysaght2017 opened this issue Feb 6, 2025 · 1 comment

Comments

@mlysaght2017
Contributor

Feature Request

We need to prepare threats and controls in https://github.com/finos/common-cloud-controls/tree/main/services/database/relational for a release candidate.

Description of Problem:

Threats and controls need to be audited and updated if necessary in preparation for release candidate.

Potential Solutions:

Apply the following checklist:

Step 1: Threats

  • Alignment with service features: Check existing threats against existing features of the service to ensure alignment on IDs, titles, descriptions, etc. The features for the service are found in features.yaml.
  • Missing common threats: Check if any common threats are missing from the list of common_threats at the top of the threats file. Add in common threats if you feel any are missing.
  • Missing service-specific threats: Assess if any service-specific threats are missing from the list of threats in the threats file. Add in new service specific threats if you feel any are missing.
  • Removing duplication: Check to see if any service-specific threats are actually covered already by the common threats we have available. Please check against both the threats already in the common_threats list in the threats file for the service AND also the full list of all common threats in: https://github.com/finos/common-cloud-controls/blob/main/services/common-threats.yaml. If any are covered by a common threat, then add in the common threat to the common_threat list, if it is missing, and remove the threat listed as a service specific threat under threats.
  • ID ordering: Ensure that all common and service specific threat IDs are numbered correctly and are in numerical order.
  • Style guide adherence: Check that all threats adhere to the style guide

Step 2: Controls

  • Alignment with threats: Check existing controls against existing threats to ensure alignment on IDs, titles, descriptions etc.
  • Missing common controls: Check if any common controls are missing from the list of common_controls at the top of the controls file. Add in common controls if you feel any are missing.
  • Missing service-specific controls: Assess if any service-specific controls are missing from the list of controls in the controls file. Add in new service specific controls if you feel any are missing.
  • Removing duplication: Check to see if any service-specific controls are actually covered already by the common controls we have available. Please check against both the controls already in the common_controls list in the controls file for the service AND also the full list of all common controls in: https://github.com/finos/common-cloud-controls/blob/main/services/common-controls.yaml. If any are covered by a common control, then add in the common control to the common_control list, if it is missing, and remove the control listed as a service specific control under controls.
  • ID ordering: Ensure that all common and service specific threat IDs are numbered correctly and are in numerical order.
  • Style guide adherence: Check that all controls and associated testing requirements adhere to the style guide
@mlysaght2017
Contributor Author

@abikhuil - how is this progressing? Do you think you'll be ready by WG call tomorrow?
