diff --git a/calm-ai/CALM.chatmode.md b/calm-ai/CALM.chatmode.md index 546c38c09..91a0804f3 100644 --- a/calm-ai/CALM.chatmode.md +++ b/calm-ai/CALM.chatmode.md @@ -46,6 +46,7 @@ On your first prompt in each session, you MUST: - `.github/chatmodes/calm-prompts/flow-creation.md` - `.github/chatmodes/calm-prompts/pattern-creation.md` - `.github/chatmodes/calm-prompts/documentation-creation.md` + - `.github/chatmodes/calm-prompts/standards-creation.md` 3. After reading the prompts, confirm you're ready to assist with CALM architectures. diff --git a/calm-ai/README.md b/calm-ai/README.md index 5dad60779..4b720a0cb 100644 --- a/calm-ai/README.md +++ b/calm-ai/README.md @@ -19,6 +19,7 @@ The CALM AI tools provide specialized prompts and guidance for AI assistants to - `node-creation.md` - Guide for creating nodes with proper validation - `pattern-creation.md` - Guide for reusable architectural patterns - `relationship-creation.md` - Guide for creating relationships between nodes + - `standards-creation.md` - Guide for creating JSON Schema Standards that extend CALM components with organizational requirements ## Usage diff --git a/calm-ai/tools/control-creation.md b/calm-ai/tools/control-creation.md index ab3a412be..d5e1cbf40 100644 --- a/calm-ai/tools/control-creation.md +++ b/calm-ai/tools/control-creation.md @@ -64,6 +64,50 @@ The complete control schema from the FINOS CALM v1.0 specification: Controls in CALM represent compliance policies, governance rules, and enforcement mechanisms applied to architecture elements. +## Standards Integration + +**Most controls in CALM use Standards to define their requirements and specifications.** This creates points of consistency across a given domain and enables reusable control patterns. + +### How Controls Use Standards + +Controls work with Standards in the following way: + +1. **Requirement Files**: The `requirement-url` points to a requirement.json file that defines what the control expects +2. **Configuration Files**: The `config-url` points to a configuration.json file that provides the actual configuration data +3. **Standards as Base Schemas**: Requirements may optionally use Standards as their base JSON schema to ensure consistency + +**Example - NIST Control with Standard-based Requirement**: + +```json +{ + "nist-access-control": { + "description": "NIST 800-53 Access Control requirements for system authentication", + "requirements": [ + { + "requirement-url": "https://requirements.company.com/nist-ac2-requirement.json", + "config": { + "documentNumber": "NIST SP 800-53", + "title": "Security and Privacy Controls for Federal Information Systems", + "status": "Final", + "seriesName": "Special Publication", + "controlFamily": "AC - Access Control", + "controlId": "AC-2" + } + } + ] + } +} +``` + +In this example, the `requirement-url` points to a requirement.json file. That requirement file may optionally use a NIST Document Standard as its JSON schema base to ensure all NIST controls follow consistent structure. + +### Benefits of Standards with Controls + +- **Consistency**: All requirement files using the same Standard follow identical structure +- **Validation**: Standards provide automatic schema validation for requirement file structure +- **Reusability**: Standards can be shared across multiple requirement files and organizations +- **Compliance**: Industry frameworks like NIST, ISO 27001, SOC 2 can be modeled as Standards for requirement files + ## Where Controls Can Be Applied Controls can be applied at multiple levels within a CALM architecture: @@ -331,3 +375,19 @@ Each requirement MUST have exactly ONE of: - Structure requirements to be independently verifiable - Document the relationship between requirement schemas and configurations - Regular review and updates for compliance changes + +## Cross-References + +- **Standards Creation**: See standards creation tool for creating requirement Standards that controls reference +- **Node Creation**: Understand how controls are applied to individual nodes +- **Flow Creation**: Learn how controls work with business processes and flows +- **Architecture Creation**: See how controls are structured at the architecture document level +- **Pattern Creation**: Use controls in reusable architectural patterns + +## Key Reminders + +- Most controls reference requirement files that may use Standards as their base schemas +- Controls can be applied at architecture, node, and flow levels +- Each control must have both description and requirements properties +- Use Standards for consistency in requirement files across compliance frameworks like NIST, ISO 27001, SOC 2 +- Reference the standards creation tool when creating base schemas for requirement files diff --git a/calm-ai/tools/standards-creation.md b/calm-ai/tools/standards-creation.md new file mode 100644 index 000000000..dcf7b0b5f --- /dev/null +++ b/calm-ai/tools/standards-creation.md @@ -0,0 +1,355 @@ +# CALM Standards Creation Guide + +## Critical Requirements + +⚠️ **ALWAYS call the standards creation tool before creating any Standards** +⚠️ **Standards must follow JSON Schema 2020-12 specification** +⚠️ **Standards compose with core CALM schemas using `$ref` and `allOf`** + +## What are Standards? + +Standards are JSON Schema 2020-12 documents that extend core CALM components with organization-specific or domain-specific properties. +They enable consistent requirements across CALM architectures while integrating seamlessly with existing JSON Schema validation. + +**Key Capabilities:** + +- **Organization Extensions**: Add company-specific properties to nodes, interfaces, relationships +- **Compliance Integration**: Most controls use Standards to define requirements and specifications +- **Community Sharing**: FINOS and industry groups can create reusable Standards +- **Native Validation**: Works with standard JSON Schema validation in `calm validate` + +## JSON Schema 2020-12 Structure + +All Standards must follow this base structure: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "[Descriptive Title]", + "type": "object", + "properties": { + // Your additional properties here + }, + "required": [/* required properties */], + "additionalProperties": false +} +``` + +## Target CALM Components + +Standards commonly extend these core CALM components: + +### Nodes +- Company requirements (cost centers, ownership, environments) +- Infrastructure standards (cloud specs, resource limits) +- Compliance classifications (security levels, regulatory tags) + +### Interfaces +- Authentication standards (OAuth, API keys) +- Protocol specifications (versions, encoding) +- Performance requirements (rate limits, timeouts) + +### Relationships +- Approval workflows (required approvals) +- Security policies (network segmentation, data flow) +- Monitoring requirements (logging, alerting) + +### Control Requirements +- Compliance frameworks (NIST, ISO 27001, SOC 2) +- Organizational policies (internal security, operations) +- Audit standards (evidence, documentation) + +## Schema Composition Patterns + +### Pure Standard (No Core Reference) + +For defining reusable schema fragments: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "NIST Document Standard", + "type": "object", + "properties": { + "documentNumber": { + "type": "string", + "description": "Official NIST document number, e.g., 'NIST SP 800-207'" + }, + "title": { + "type": "string", + "description": "Full title of the NIST document" + }, + "status": { + "type": "string", + "enum": ["Final", "Draft", "Superseded", "Withdrawn"], + "description": "Current status of the document" + }, + "seriesName": { + "type": "string", + "description": "NIST publication series name" + } + }, + "required": ["documentNumber", "title", "status", "seriesName"], + "additionalProperties": false +} +``` + +### Composed with Core CALM Schema + +For extending CALM components directly: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "Company Node Standard", + "allOf": [ + { "$ref": "https://calm.finos.org/schemas/core.json#/defs/node" }, + { + "type": "object", + "properties": { + "costCenter": { + "type": "string", + "pattern": "^CC-[0-9]{4}$", + "description": "Company cost center code" + }, + "owner": { + "type": "string", + "description": "Team or individual responsible" + }, + "environment": { + "type": "string", + "enum": ["development", "staging", "production"] + } + }, + "required": ["costCenter", "owner"] + } + ] +} +``` + +## Core CALM Schema References + +Common `$ref` patterns for extending CALM components: + +- **Nodes**: `https://calm.finos.org/schemas/core.json#/defs/node` +- **Interfaces**: `https://calm.finos.org/schemas/core.json#/defs/interface` +- **Relationships**: `https://calm.finos.org/schemas/core.json#/defs/relationship` +- **Controls**: `https://calm.finos.org/schemas/core.json#/defs/control` + +**Note**: Exact URLs may vary based on CALM schema hosting. +Always verify current schema locations. + +## Integration with Controls + +Most controls use Standards indirectly through their requirement files. +This creates consistency across compliance frameworks: + +**Control Definition:** +```json +{ + "nist-access-control": { + "description": "NIST access control requirements", + "requirements": [ + { + "requirement-url": "https://requirements.company.com/nist-ac2.json", + "config": { /* configuration data */ } + } + ] + } +} +``` + +**Requirement File Using Standard:** +```json +{ + "$schema": "https://company.com/standards/nist-document.json", + "documentNumber": "NIST SP 800-53", + "controlId": "AC-2", + "title": "Access Control Requirements" +} +``` + +The requirement file uses the Standard as its schema, ensuring all NIST requirements follow the same structure. + +## Validation Integration + +Standards work seamlessly with `calm validate`: + +1. **Schema Resolution**: Validator resolves `$ref` to Standards automatically +2. **Composition**: Uses `allOf` to combine core CALM and Standard schemas +3. **Validation**: Applies standard JSON Schema validation +4. **Error Reporting**: Clear messages indicate Standard requirement violations + +## Common Standard Examples + +### Company Node Requirements + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "Company Node Standard", + "type": "object", + "properties": { + "costCenter": { + "type": "string", + "pattern": "^CC-[0-9]{4}$" + }, + "owner": { + "type": "string" + }, + "criticality": { + "type": "string", + "enum": ["low", "medium", "high", "critical"] + } + }, + "required": ["costCenter", "owner"] +} +``` + +### Interface Authentication Standard + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "OAuth Interface Standard", + "type": "object", + "properties": { + "authProvider": { + "type": "string", + "enum": ["company-sso", "external-oauth"] + }, + "scopes": { + "type": "array", + "items": { "type": "string" } + }, + "tokenLifetime": { + "type": "integer", + "minimum": 300, + "maximum": 3600 + } + }, + "required": ["authProvider", "scopes"] +} +``` + +### Security Control Framework + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "Security Control Standard", + "type": "object", + "properties": { + "framework": { + "type": "string", + "enum": ["NIST", "ISO27001", "SOC2"] + }, + "controlId": { + "type": "string" + }, + "implementationLevel": { + "type": "string", + "enum": ["basic", "standard", "advanced"] + }, + "evidenceRequired": { + "type": "array", + "items": { "type": "string" } + } + }, + "required": ["framework", "controlId"] +} +``` + +## Usage in CALM Architectures + +### Using Standards in Component Definitions + +```json +{ + "nodes": [ + { + "$ref": "#/defs/company-node" + } + ], + "defs": { + "company-node": { + "allOf": [ + { "$ref": "https://calm.finos.org/schemas/core.json#/defs/node" }, + { "$ref": "https://company.com/standards/company-node.json" } + ] + } + } +} +``` + +### Multiple Standards Composition + +```json +{ + "defs": { + "enterprise-node": { + "allOf": [ + { "$ref": "https://calm.finos.org/schemas/core.json#/defs/node" }, + { "$ref": "https://company.com/standards/company-node.json" }, + { "$ref": "https://industry.org/standards/security-node.json" } + ] + } + } +} +``` + +## FINOS Community Standards + +The FINOS community creates Standards for common financial services use cases: + +- **Regulatory Compliance**: Patterns for financial regulations +- **Risk Management**: Risk assessment and classification standards +- **Security Frameworks**: Industry security control patterns +- **Integration Patterns**: API and messaging standards + +## Validation Rules + +1. **Schema Format**: Must be valid JSON Schema 2020-12 +2. **Title Required**: Every Standard must have a descriptive title +3. **Property Descriptions**: All properties should include descriptions +4. **No Core Conflicts**: Standard properties must not conflict with core CALM schema +5. **Composition Compatibility**: When using `allOf`, ensure schemas compose correctly +6. **Reference Validity**: All `$ref` URLs must resolve to valid schemas + +## Best Practices + +### Standard Design +- **Focus Purpose**: Address specific organizational or domain needs +- **Clear Naming**: Make purpose obvious from title (e.g., "Company Node Standard") +- **Document Thoroughly**: Include descriptions for all properties and constraints +- **Version Semantically**: Use semantic versioning for Standard updates +- **Test Validation**: Verify Standards work with `calm validate` + +### Schema Composition +- **Use `allOf`**: Cleanly compose Standards with core CALM schemas +- **Avoid Conflicts**: Ensure no property name conflicts with core schema +- **Order Matters**: Place core schema reference first in `allOf` array +- **Validate Composition**: Test that combined schemas validate correctly + +### Organizational Adoption +- **Start Simple**: Begin with basic requirements (cost center, owner) +- **Iterate Gradually**: Add complexity as teams become comfortable +- **Document Usage**: Provide clear examples and adoption guides +- **Monitor Compliance**: Use validation to ensure Standards are followed + +## Cross-References + +- **Control Creation**: See control creation tool for integrating Standards with controls +- **Node Creation**: Reference for extending nodes with Standards +- **Interface Creation**: Guidance for interface-specific Standards +- **Architecture Creation**: How to structure architectures using Standards +- **Validation**: Understanding how Standards integrate with `calm validate` + +## Key Reminders + +- Always use JSON Schema 2020-12 specification +- Most controls will use Standards for their requirements +- Standards compose with core CALM schemas via `$ref` and `allOf` +- Focus on nodes, interfaces, relationships, and control-requirements +- FINOS community will provide reusable Standards for financial services +- Native JSON Schema validation handles Standard enforcement automatically \ No newline at end of file diff --git a/calm/draft/2025-03/samples/traderx/control-requirement/security_and_access_control/secrets-management-control-requirement.json b/calm/draft/2025-03/samples/traderx/control-requirement/security_and_access_control/secrets-management-control-requirement.json index a34abf3cd..5ef4b0f9a 100644 --- a/calm/draft/2025-03/samples/traderx/control-requirement/security_and_access_control/secrets-management-control-requirement.json +++ b/calm/draft/2025-03/samples/traderx/control-requirement/security_and_access_control/secrets-management-control-requirement.json @@ -60,4 +60,4 @@ "audit-secrets-access": false } ] -} +} \ No newline at end of file diff --git a/cli/README.md b/cli/README.md index 7eacbdc4e..7a90465c8 100644 --- a/cli/README.md +++ b/cli/README.md @@ -241,6 +241,7 @@ The chatmode includes specialized tools for each CALM component: - **Flow Creation**: Guide for business process flows and transitions - **Pattern Creation**: Guide for reusable architectural patterns using JSON schema constructs - **Metadata Creation**: Guide for metadata structure options (single object vs. array) +- **Standards Creation**: Guide for creating JSON Schema 2020-12 Standards that extend CALM components with organizational requirements Each tool includes complete schema definitions, validation rules, realistic examples, and cross-references to related tools. diff --git a/cli/src/command-helpers/ai-tools.ts b/cli/src/command-helpers/ai-tools.ts index 88d6dcfb3..9b3fab312 100644 --- a/cli/src/command-helpers/ai-tools.ts +++ b/cli/src/command-helpers/ai-tools.ts @@ -62,7 +62,9 @@ async function validateBundledResources(logger: Logger): Promise { 'tools/control-creation.md', 'tools/flow-creation.md', 'tools/pattern-creation.md', - 'tools/documentation-creation.md' + 'tools/documentation-creation.md', + 'tools/standards-creation.md', + 'tools/calm-cli-instructions.md' ]; const missingFiles: string[] = []; @@ -143,6 +145,7 @@ async function createToolPrompts(chatmodesDir: string, logger: Logger): Promise< 'flow-creation.md', 'pattern-creation.md', 'documentation-creation.md', + 'standards-creation.md', 'calm-cli-instructions.md' ]; diff --git a/docs/docs/working-with-calm/copilot-chatmode.md b/docs/docs/working-with-calm/copilot-chatmode.md index 9613aa50b..92086a1e1 100644 --- a/docs/docs/working-with-calm/copilot-chatmode.md +++ b/docs/docs/working-with-calm/copilot-chatmode.md @@ -64,6 +64,7 @@ The chatmode includes separate tools for each CALM component: - **Flow Creation**: Business process flows and transitions - **Pattern Creation**: Reusable architectural patterns using JSON schema - **Metadata Creation**: Metadata structure and requirements +- **Standards Creation**: JSON Schema 2020-12 Standards for extending CALM components with organizational requirements - **Documentation Creation**: Generating documentation from CALM models ## Using CALM Copilot Chat diff --git a/docs/docs/working-with-calm/standards.md b/docs/docs/working-with-calm/standards.md new file mode 100644 index 000000000..4f1d0a0c1 --- /dev/null +++ b/docs/docs/working-with-calm/standards.md @@ -0,0 +1,308 @@ +--- +id: standards +title: Standards +sidebar_position: 8 +--- + +# Standards + +The CALM Schema is designed to be unopinionated and open for extension outside of the core required fields. +Standards in CALM allow organizations and communities to create reusable JSON Schemas that extend core CALM components with additional properties. +This enables consistent organizational requirements and industry-specific extensions across CALM architectures. +It is expected that many organizations will use Standards to enrich the base schema to add consistency and constraints. + +## What are Standards? + +Standards are JSON Schema 2020-12 documents that define additional properties and constraints for CALM components. +They work by composing with core CALM schemas using `$ref` to add organization-specific or domain-specific requirements. + +**Key Characteristics:** +- Follow JSON Schema 2020-12 specification +- Reference core CALM schemas (`core.json`) using `$ref` +- Add organization or domain-specific properties +- Integrate seamlessly with existing CALM validation +- Can be shared across teams, organizations, or the broader community + +## Common Use Cases + +### Organization-Level Extensions + +Organizations often need to add consistent properties across their CALM architectures: + +- **Company Node Requirements**: Cost centers, ownership information, compliance tags +- **Interface Specifications**: Authentication requirements, rate limiting, monitoring +- **Relationship Policies**: Approval workflows, security zones, data classification +- **Control Requirements**: Organizational compliance frameworks and policies + +### Industry Standards + +Industry groups and frameworks can define domain-specific extensions: + +- **Financial Services**: Regulatory compliance, risk classifications +- **Healthcare**: HIPAA compliance, patient data handling +- **Government**: Security clearances, classification levels +- **Cloud Providers**: Service tiers, SLA requirements + +## How Standards Work + +Standards extend CALM components by defining additional JSON Schema properties that compose with the core CALM schema definitions. + +### Basic Structure + +A Standard is a valid JSON Schema 2020-12 document: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "Company Node Standard", + "type": "object", + "properties": { + "costCenter": { + "type": "string", + "pattern": "^CC-[0-9]{4}$", + "description": "Company cost center code" + }, + "owner": { + "type": "string", + "description": "Team or individual responsible for this component" + }, + "environment": { + "type": "string", + "enum": ["development", "staging", "production"], + "description": "Deployment environment classification" + } + }, + "required": ["costCenter", "owner"], + "additionalProperties": false +} +``` + +### Referencing Core CALM Components + +Standards typically extend specific CALM components by referencing core schema definitions: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "Extended Node with Company Requirements", + "allOf": [ + { "$ref": "https://calm.finos.org/schemas/core.json#/defs/node" }, + { + "type": "object", + "properties": { + "costCenter": { + "type": "string", + "pattern": "^CC-[0-9]{4}$" + }, + "owner": { + "type": "string" + } + }, + "required": ["costCenter", "owner"] + } + ] +} +``` + +## Standards and Controls Integration + +Most controls in CALM will use Standards to define consistent structures for their requirements and configurations. +This creates a consistent approach to compliance and governance across architectures. + +### How Standards Work with Controls + +Standards integrate with controls through the requirement files: + +1. **Control Definition**: The control specifies a `requirement-url` pointing to a requirement.json file +2. **Requirement Schema**: The requirement file may optionally use a Standard as its JSON Schema base +3. **Configuration Validation**: The control's configuration is validated against the requirement schema + +**Example NIST Document Standard:** + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "NIST Document Standard", + "type": "object", + "properties": { + "documentNumber": { + "type": "string", + "description": "The official NIST document number, e.g., 'NIST SP 800-207'" + }, + "title": { + "type": "string", + "description": "The full title of the NIST document" + }, + "status": { + "type": "string", + "enum": ["Final", "Draft", "Superseded", "Withdrawn"], + "description": "The current status of the document" + }, + "seriesName": { + "type": "string", + "description": "The NIST publication series name" + } + }, + "required": ["documentNumber", "title", "status", "seriesName"], + "additionalProperties": false +} +``` + +**Example Requirement File Using Standard:** + +```json +{ + "$schema": "https://company.com/standards/nist-document-standard.json", + "title": "NIST AC-2 Access Control Requirement", + "documentNumber": "NIST SP 800-53", + "controlFamily": "AC - Access Control", + "controlId": "AC-2", + "additionalRequirements": { + "implementationLevel": ["basic", "enhanced", "advanced"] + } +} +``` + +This approach allows multiple NIST control requirements to use the same Standard as their base schema, ensuring consistency. + +## Target CALM Components + +Standards are most commonly applied to these core CALM components: + +### Nodes +- **Organization Requirements**: Cost centers, ownership, environments +- **Infrastructure Standards**: Cloud provider specifications, resource limits +- **Compliance Tags**: Security classifications, regulatory requirements + +### Interfaces +- **Authentication Standards**: OAuth configurations, API key requirements +- **Protocol Specifications**: Version requirements, encoding standards +- **Performance Requirements**: Rate limits, timeout configurations + +### Relationships +- **Approval Workflows**: Required approvals for certain relationship types +- **Security Policies**: Network segmentation, data flow restrictions +- **Monitoring Requirements**: Logging, alerting, tracing specifications + +### Control Requirements +- **Compliance Frameworks**: NIST, ISO 27001, SOC 2 requirements +- **Organizational Policies**: Internal security, operational procedures +- **Audit Standards**: Evidence collection, documentation requirements + +## FINOS Community Standards + +The FINOS community will develop and maintain Standards for common financial services use cases: +These community Standards will be available for organizations to adopt and extend with their specific requirements. +At this time we are working with the appropriate FINOS groups to start these efforts in the appropriate working group. + +## Validation and Enforcement + +Standards integrate seamlessly with CALM's existing validation pipeline: + +### JSON Schema Validation + +The `calm validate` command uses standard JSON Schema validation to enforce Standards: + +```bash +# Validates architecture against core CALM schema and any referenced Standards +calm validate architecture.json +``` + +When components reference Standards via `$ref`, the validator automatically: +1. Resolves the Standard schema from its location +2. Composes it with the core CALM schema +3. Validates the component against the combined schema +4. Reports any validation errors with clear error messages + +### Error Handling + +Validation errors clearly indicate which Standard requirements are not met: + +``` +Validation Error in node 'payment-service': +- Missing required property 'costCenter' (required by Company Node Standard) +- Property 'environment' must be one of: development, staging, production +``` + +## Creating and Using Standards + +### 1. Define Your Standard + +Create a JSON Schema 2020-12 document that defines your additional requirements: + +```json +{ + "$schema": "http://json-schema.org/draft/2020-12/schema", + "title": "My Organization Node Standard", + "type": "object", + "properties": { + "department": { "type": "string" }, + "criticality": { + "type": "string", + "enum": ["low", "medium", "high", "critical"] + } + }, + "required": ["department"] +} +``` + +### 2. Host Your Standard + +Make your Standard accessible via URL: +- **Internal**: Company schema repository +- **Community**: FINOS Standards registry +- **Public**: GitHub, schema repositories + +This is also supported in the latest early access version of Calm Hub. + +### 3. Reference in CALM Components + +Use `allOf` to compose your Standard with core CALM schemas: + +```json +{ + "nodes": [ + { + "$ref": "#/defs/extended-node" + } + ], + "defs": { + "extended-node": { + "allOf": [ + { "$ref": "https://calm.finos.org/schemas/core.json#/defs/node" }, + { "$ref": "https://company.com/standards/company-node.json" } + ] + } + } +} +``` + +## Best Practices + +### Standard Design +- **Keep Standards focused**: Address specific organizational or domain needs +- **Use clear naming**: Make purpose and scope obvious from the title +- **Document thoroughly**: Include descriptions for all properties +- **Version carefully**: Use semantic versioning for Standard updates + +### Schema Composition +- **Use `allOf`**: Compose Standards with core CALM schemas cleanly +- **Avoid conflicts**: Ensure Standard properties don't conflict with core schema +- **Test validation**: Verify Standards work correctly with `calm validate` +- **Share responsibly**: Make useful Standards available to the community + +### Organizational Adoption +- **Start simple**: Begin with basic organizational requirements +- **Iterate gradually**: Add complexity as teams become comfortable +- **Document usage**: Provide clear guidance for teams adopting Standards +- **Monitor compliance**: Regular validation ensures Standards are followed + +## Next Steps + +- **Explore**: Review existing FINOS community Standards +- **Create**: Develop Standards for your organization's needs +- **Validate**: Test your Standards with `calm validate` +- **Contribute**: Share useful Standards with the FINOS community +- **Learn More**: See [Controls](../core-concepts/controls) for how Standards integrate with compliance frameworks + +Standards enable CALM to scale from individual architectures to organization-wide modeling practices while maintaining consistency and enforcing important requirements. \ No newline at end of file