CSNF: In Scope / Out of Scope
- The focus of initial iterations is on data in the Security space. Other domains (e.g., operational monitoring) may be addressed in the future.
- Need to think of cloud services from the context of IaaS, PaaS, and SaaS and focus on data from Cloud Service Providers (CSPs).
- CSPs include not only Cloud Providers like Azure, Amazon, Google, but also security solutions / services from Symantec, Microsoft Defender for ATP, etc.
- The initial effort is scoped to documenting the common taxonomy.
- Format of the taxonomy is scoped to json or others (Syslog, CEF)? [Where do we get the broadest market adoption- can we be format agnostic?]
Out of Scope
- The specific technology as to how do these CSPs protect security perimeter.
- Security Solutions not protecting cloud workloads.
- Updating CSPs to include the common taxonomy is not in scope. [CSPs can update at their own pace as needed at least foundational elements]
- Potential future scope –Tooling for compliance certification to the published taxonomy
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified September 21, 2021: Update scope.md (982d1d3)