[Security Review] Compliance TAG process and artifacts progress

[ancatri]

Project Name: Compliance TAG

Github URL:

Sandbox for: https://ibm.github.io/compliance-trestle/ https://github.com/IBM/compliance-trestle-agile-authoring https://auditree.github.io/ We are in the process of providing a new org for the oscal projects (Trestle, Agile Authoring and Compliance2Policy)

CNCF project stage and issue (NA):

Security Provider: yes/no (e.g. Is the primary function of the project to support the security of an integrating system?)

• [x ] Identify team
  • [x ] Project security lead
  • [ x] Lead security reviewer
  • [x ] 1 or more additional reviewer(s)
  • [ ] Every reviewer has read security reviewer guidelines and stated declaration of conflict
  • [ ] Sign off by facilitator on reviewer conflicts
• [x ] Create slack channel (e.g. #compliance-grc)
• [ ] Project lead provides draft document - see outline
• [x ] "Naive question phase" Lead Security Reviewer asks clarifying questions
• [ x] Assign issue to security reviewers
• [ x] Initial review
• [ x] Presentation & discussion
• [ ] Share draft findings with project
• [ ] Assessment summary and doc checked into /assessments/projects/project-name (require at least 1 co-chair approval)
• [ ] CNCF TOC presentation (if requested by TOC)

[PushkarJ]

@ancatri I think the wrong template was used. Can you close this and use the "proposal" issue template / type and create a new one ?

[ancatri]

@PushkarJ Sorry for missing the template ! Done now w "proposal" We can close this one ...

[PushkarJ]

Superseded by https://github.com/cncf/tag-security/issues/1206