According to the official release, the new project is built upon a method devised by FINOS Platinum Member Citi and aims to describe consistent controls for compliant public cloud deployments in the financial services sector.
The development of this new project comes to address a specific pain point in the industry. Despite the rapid adoption of cloud solutions, the global regulatory landscape continues to be fragmented.
Through the new project, FINOS seeks to formulate a unified set of cybersecurity, resiliency, and compliance controls for widely used services across the major cloud service providers (CSPs).
By imposing a taxonomy of common services and threats, FINOS’ project further aims to alleviate the systemic risk of cloud concentration, which is an issue previously outlined in reports from institutions like the U.S. Department of the Treasury, the UK HMT, the European Council, and the Monetary Authority of Singapore.
This open standard is reportedly anticipated to build upon current endeavours akin to NIST’s OSCAL, the MITRE ATT&CK framework, and FINOS’ own Compliant Financial Infrastructure project.
Its goal is to build taxonomies on common cloud services, common threat techniques and associated mitigations, logical control descriptions, as well as cloud service-specific data flow diagrams to gain insights into typical attack vectors within the service.
The new Citi-initiated project was approved in July 2023 by the foundation’s Governing Board and currently has more than 20 participants among FINOS members, including Bank of Montreal (BMO), Citi, Goldman Sachs, Morgan Stanley, Royal Bank of Canada (RBC), London Stock Exchange Group (LSEG), Natwest Group, or Google Cloud.
Moreover, among the leading vendors that also joined the project are GitHub, Red Hat, Symphony, Adaptive, Container Solutions, ControlPlane, GitLab, and Scott Logic.
As per the official release, the project is set to commence its formation stage in August 2023 and will subsequently become accessible via the Community Specification License later in 2023.
Citi, the member that devised the method as the basis of the new project, is a banking partner for institutions that necessitate cross-border services, as well as a provider of wealth management and a personal bank in the US market.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now