Commit 21dd9ea

docs: adds Automated Governance to Cloud Native Security Lexicon (#1493)
* docs: adds Automated Governance to Cloud Native Security Lexicon
---------
Signed-off-by: Jennifer Power <[email protected]>
1 parent 2db411c commit 21dd9ea

1 file changed

+15
-4
lines changed

community/resources/security-lexicon/cloud-native-security-lexicon.md

Lines changed: 15 additions & 4 deletions
@@ -1,10 +1,10 @@
1-
<!---
1+
<!-- cspell:disable-next-line -->
2+
<!-- markdownlint-disable MD033 MD041 -->
3+
<!---
24
Copyright 2021 CNCF TAG-Security
35
Licensed under the Creative Common Attribution 4.0 International License
46
SPDX-License-Identifier: CC-BY-4.0
57
--->
6-
<!-- cspell:disable-next-line -->
7-
<!-- markdownlint-disable MD033 -->
88

99
# Shared with CNCF Community
1010

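Review bot: the new `MD041` suppression only takes effect because the directive block is also moved to line 1; markdownlint inline directives apply from the line they appear on, so in the old position after the license comment they would not have covered the first-line heading check. That lint change is not reflected in the commit message, which only mentions adding the Automated Governance entry; consider a line such as `docs: move lint directives to top of file and disable MD041` so the reordering is explained.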
@@ -29,6 +29,7 @@ SPDX-License-Identifier: CC-BY-4.0
2929
- [Attack vector](#attack-vector)
3030
- [Security Requirements](#security-requirements)
3131
- [Security Policy as Code](#security-policy-as-code)
32+
- [Automated Governance](#automated-governance)
3233
- [Shift Security Left](#shift-security-left)
3334
- [Least Privilege](#least-privilege)
3435
- [Immutability](#immutability)
@@ -55,7 +56,7 @@ SPDX-License-Identifier: CC-BY-4.0
5556
- [Certificate root of trust](#certificate-root-of-trust)
5657
- [Infrastructure-as-Code Security](#infrastructure-as-code-security)
5758
<!-- cspell:disable-next-line -->
58-
- [ABAC, RBAC, and MAC](#ABAC-rbac-and-mac)
59+
- [ABAC, RBAC, and MAC](#abac-rbac-and-mac)
5960
- [Hardware](#hardware)
6061
- [Trusted Platform Module (TPM/vTPM)](#trusted-platform-module-tpmvtpm)
6162
- [Hardware Security Module](#hardware-security-module)
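Review bot: the anchor change from `#ABAC-rbac-and-mac` to `#abac-rbac-and-mac` is correct, since generated heading ids are lowercase and the old link would not have resolved, but it is an unrelated fix bundled into a commit whose message only covers the Automated Governance entry; either mention it in the message or split it into its own commit.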
@@ -136,6 +137,16 @@ environments
136137
| References | <https://www.thoughtworks.com/radar/techniques/security-policy-as-code> |
137138
| | [Go to Table of Content](#index) |
138139

140+
### Automated Governance
141+
142+
| | |
143+
|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
144+
| Definition | Automated governance is the concept of using automation to consistently enforce an organization's governance policies and security controls across its technical environment. It leverages tools and practices like Policy as Code to integrate automated checks directly into workflows, providing quick feedback loops on security and compliance posture. |
145+
| Terms | [Security Policy as Code](#security-policy-as-code), [Compliance and Security](#compliance-and-security) |
146+
| Organizational Use | An organization uses automated governance to ensure that resources like committed code or a container image automatically meet predefined security, compliance, and operational policies. This is achieved by using policy tools like Open Policy Agent (OPA) and aligning automated policy enforcement with higher-level organizational policies and strategic objectives. |
147+
| References | - <https://itrevolution.com/articles/what-is-automated-governance/> <br /> - <https://tag-security.cncf.io/community/resources/automated-governance-maturity-model/?ajs_aid=5c4aee08-5f6a-40a6-8bf2-d1180bc9dfa5> |
148+
| | [Go to Table of Content](#index) |
149+
139150
### Shift Security Left
140151

141152
| | |
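Review bot: the second reference URL carries an analytics query string (`?ajs_aid=5c4aee08-...`) that identifies the browser session it was copied from; trim it to `https://tag-security.cncf.io/community/resources/automated-governance-maturity-model/` so the lexicon does not publish a tracking id and the link stays stable. Also confirm that the `#compliance-and-security` anchor in the Terms row matches an existing heading, since it is not among the TOC lines touched in this patch. The table layout otherwise matches the Security Policy as Code entry directly above it.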
