Find an Artifact

Capabilities for Batch Processing technologies, as defined by the FINOS Common Cloud Controls project.

Controls for Messaging Services technologies, as defined by the FINOS Common Cloud Controls project.

Capabilities for Messaging Services technologies, as defined by the FINOS Common Cloud Controls project.

Controls for Machine Learning Development Environment technologies, as defined by the FINOS Common Cloud Controls project.

Capabilities for Machine Learning Development Environment technologies, as defined by the FINOS Common Cloud Controls project.

Controls for Generative AI Platform technologies, as defined by the FINOS Common Cloud Controls project.

Threats for Generative AI Platform technologies, as defined by the FINOS Common Cloud Controls project.

Capabilities for Generative AI Platform technologies, as defined by the FINOS Common Cloud Controls project.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to UK NCSC Software Security Code of Practice. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to NIST SSDF. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to SLSA. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to OpenSSF Scorecard. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to OWASP SAMM. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to P-SSCRM. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to PCI DSS. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to OpenCRE. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to ISO/IEC 18974. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to NIST CSF 2.0. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to EU Cyber Resilience Act. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to BSI TR-03185-2. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to OpenSSF Best Practices Badge. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to NIST SP 800-161. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

The Open Source Project Security (OSPS) Baseline is a set of security criteria that projects should meet to demonstrate a strong security posture.

Automated evaluation policy for the CIS Fedora Linux Level 1 Workstation Benchmark

Automated evaluation policy for the CIS Fedora Linux Level 1 Server Benchmark

Automated evaluation policy for branch protection controls using AMPEL

Control catalog derived from the CIS Fedora Linux Level 1 Workstation Benchmark

Control catalog derived from the CIS Fedora Linux Level 1 Server Benchmark

Branch protection controls for GitHub/GitLab repositories

Guidance catalog for the CIS Fedora Linux Level 1 Benchmark. Provides rationale and context for each control family covering filesystem hardening, service minimization, network security, firewall configuration, access controls, logging, and system maintenance. Shared across Server and Workstation profiles.

Maps FINOS AI Governance Framework mitigations (guidelines) to NIST SP 800-53 Revision 5 security and privacy controls. References derived from AIGF mitigation frontmatter.

A Gemara representation of the FINOS AI Governance Framework mitigations. All 23 AIGF mitigations are represented as guidelines; see the gemara/ README for the migration roadmap. The Markdown collections remain the canonical source of truth.

AIGF risks expressed as Gemara vectors. Each vector describes a pathway through which AI system failures or negative outcomes may be realized in financial services deployments.

Core principles underpinning the FINOS AI Governance Framework. Each principle represents a foundational value that one or more AIGF mitigations (guidelines) are designed to uphold.