afeld
commented
5 years ago You are totally right that this repository is only a proof-of-concept, which should probably be more clear. That said, we should not maintain these manually. The AWS compliance packages are expansive, and would be difficult to maintain in the OpenControl format by hand for their FedRAMP controls, much less all the other compliance programs they participate in.
It would be great to create the files in an automated way. Does AWS provide a machine-readable list of controls they implement, or a page/document that could be scraped? Note, this may be considered proprietary information - see #6.
I see only a handful (<10) of controls listed here. We need 421 controls completed to have FedRAMP-high compliance.
Who is in to do this with me?