A 101 about compliance standards (PCI, SOC2, HIPAA, NIST 800-190, NIST 800-53, GDPR, ISO 27001, FedRamp) and benchmarks (CIS). What do you need to know as a DevOps and DevSecOps to set up and maintain a compliant cloud-native environment, including cloud assets, containers and clusters.Takeaways from the session:
1) You will learn about requirements from your environment, the security measures you have to implement, and information about them you have to produce to be compliant.
2) You will understand the differences between each compliance standard, and when each one is useful.
3) For some compliance controls that have an abstract definition, we will explain how to translate the requirements to specific cloud-native technologies.