-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
create the proposed architecture and sequence diagram for CAML #14
Comments
(from group conversation) we need to clarify what our vision is for modularity / expandability. How is this solution distinct from the "classic" GRC model of an internal script that works against internal GRC tooling but doesn't natively integrate with the systems already deployed within an organization? @rajkrishnamurthy in conversation today we discussed that you have some well formed thoughts on this in an email exchange that mosi will share. Looking forward to continuing the conversation. |
Here is the point @rajkrishnamurthy shared with us at Netflix about GRC automation:
|
Raj speaks sense in his comments about GRC automation. In a related topic the US government accountability office comments on CMMC work (ref: GAO-22-104679 ) includes this note: These could be seen as contradictory requirements. In one space Raj points out that a "one size fits all" approach is problematic where one could interpret the GAO comments as arguing in favor of "one size fits all" for consistency. I think though that our metrics approach can thread this needle. The metric definition provides consistency and the open systems approach allows for flexibility in how an organization collects the measures. The assessment guidance can focus on what types of measures are reasonable and within industry 'best practices'. To an extent 'best practices' are mirrored by which open systems integrations are available. |
You will find the hand-drawn picture under misc/ folder. Need to create a formal architecture and sequence diagram. We also should outline the priorities for development based on the working group discussion on 11/22/2021.
The text was updated successfully, but these errors were encountered: