The Cloud Security Alliance (CSA) has launched an initiative to create a continuous assessment framework for cloud security. As part of that work, CSA is building a Continuous Audit Metrics Catalog for the cloud to help organizations assess the security of information systems on a near-continuous basis.
A version 1.0 of the continuous audit metrics catalog was released 10/19/2021. That document provides background on security metrics and continuous auditing, the use of metrics to increase the maturity of an organization's governance and risk management, a basic description of the metric format, and the initial catalog of 34 continuous audit metrics addressing controls from the CSA CCMv4.
This repository contains the YAML definition of the CSA's Continuous Audit Metrics Catalog in data/primary-dataset.yml, which will serve as a basis for the next release of this catalog. This work is hosted on GitHub to encourage everyone in the security community to contribute by directly proposing pull requests or by creating github issues.
An HTML preview of the current state of this catalog is available here.
Cloud Security Aliance summit in Oct 2021 included a presentation on the Continuous Audit Metrics catalog work. The full presentation can be watched as part of the summit material on brightTALK and the PDF is available for download in docs/v2ContinuousAuditBrightTALK.pdf.
In addition to the Continuous Audit Metrics Catalog, this repository also hosts Auditing guidelines for continuous audit metrics.
To engage with this work, please also consider joining the CSA Continuous Audit Metrics working group for real-time discussions.
The structure of a metric is detailed here.
There are two ways to contribute new metrics to the Catalog.
First, if you are not comfortable with YAML or pull-request, you can also propose a metric by simply creating an issue here on GitHub. As a minimum, your proposal should contain the following fields:
- Metric Description
- Expression
- Rules
- SLO recommendations
These fields are detailed here.
Next, you can modify the YAML file data/primary-dataset.yml and add the metrics you want. Then create a PR (pull-request) on this GitHub repository.
The community will discuss this pull request and potentially add it to the catalog.
To suggest changes or corrections to existing metrics in the catalog, please follow the same process as for new metrics: either create a pull request or a GitHub issue.
The YAML file representing the CSA continuous audit metrics and any associated documentation provided in this repository are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license as described in the LICENSE file.
For commercial use of this work, please contact CSA at [email protected]
Open source tools to use the metrics are being worked on in the CAML repository.