UNCLASSIFIED - NO CUI

Istio OSCAL Controller Proposal

Proposal for Istio OSCAL Controller

We will grant permissions to submit the proposal

Name: Istio OSCAL Controller

Desired Initial Maturity Level (Sandbox, Incubating, Graduated): Sandbox

Problem Statement (i.e. problem you want to solve): Organizations that adopt service meshes like Istio often face challenges aligning their deployments with compliance frameworks such as FedRAMP, NIST, and DoD-specific requirements. The Istio OSCAL Controller addresses this by automating compliance reporting for Istio deployments. It leverages the OSCAL (Open Security Controls Assessment Language) standard to generate machine-readable compliance artifacts, streamlining audits and ensuring adherence to security baselines.

Description: The Istio OSCAL Controller is a Tetrate-led project that simplifies compliance for Istio service mesh deployments. It integrates compliance reporting into Istio workflows using the OSCAL standard, automating artifact generation and reducing the manual effort required for regulatory audits.

Epic Tracking: TBD

Initial Members:

TBD

apiVersion: bbtoc/v1alpha
kind: Project
# NOTE: Remove lines that are not applicable
metadata:
  # Sandbox: Name of the product to be evaluated
  name: "istio-oscal-controller"

  # Sandbox: Product vendor (opensource if no vendor)
  vendor: "Tetrate"

  # Sandbox: Short description of the product
  description: "The Istio OSCAL Controller automates compliance artifact generation for Istio deployments."

  # Sandbox: URL(s) to product website for further information
  website:
  - "https://tetrate.io/"
  - "https://github.com/tetrateio/istio-oscal-controller"

  # Sandbox: product source code repositories (e.g. github.com). If not opensource, put "Proprietary"
  sourceCode:
  - "https://github.com/tetrateio/istio-oscal-controller"

  # Sandbox: Product licenses (e.g. Apache 2.0, GPL 3.0, MIT, Proprietary). Include both free and paid tiers if they exist.
  license:
  - "Proprietary"

  # Maturity level of the package
  maturityLevel: Sandbox # Sandbox, Incubating, or Graduated

  # Sandbox: Points of contact for project (at least 2)
  contacts:
  - name: "TBD"
    repo1user: "@tbd"  # quoted: a bare leading "@" is not a valid YAML plain scalar
  - name: "TBD"
    repo1user: "@tbd"

spec:
  # Sandbox: Package(s) contained in the product (e.g. operator and application). Each package will have its own repository in repo1.
  packages:
    # Sandbox: Name of the package
  - name: "istio-oscal-controller"

    # Sandbox: Big Bang repository (i.e. https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/<your project>)
    repository: "https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/istio-oscal-controller"

    # Incubating: List of images contained in the package.
    images:
      # Incubating: Name of the image
      - name: ""

        # Incubating: Iron Bank approval request (https://repo1.dso.mil/dsop/<your project>/-/issues/1)
        repository: ""

        # Graduated: Iron Bank approval URL (https://ironbank.dso.mil/repomap/details;registry1Path=<your project path>)
        approval: ""

    # Graduated: Links to required documentation
    documentation: []

  # Name and date of required verifications (e.g. "John Doe, 7 Dec 2021")
  signOffs:

    # Sandbox: Verification of requirements
    sandboxVerification: ""

    # Incubating: Verification of requirements
    incubatingVerification: ""

    # Graduated: Verification of requirements
    graduatedVerification: ""

Edited by Andrew Shoell