An OpenStack deployment may require compliance activities for many purposes, such as regulatory and legal requirements, customer needs, privacy considerations, and security best practices. The compliance function is important for the business and its customers. Compliance means adhering to regulations, specifications, standards, and laws. The term is also used to describe an organization's status regarding assessments, audits, and certifications. Compliance, when done correctly, unifies and strengthens the other security topics discussed in this guide.

This chapter has several objectives:

  • Review common security principles.

  • Discuss common control frameworks and certification resources to achieve industry certifications or regulator attestations.

  • Act as a reference for auditors when evaluating OpenStack deployments.

  • Introduce privacy considerations specific to OpenStack and cloud environments.