FINOS Common Cloud Controls Project

FINOS Common Cloud Controls Project

What is the FINOS Common Cloud Controls Project?


FINOS Common Cloud Controls (FINOS CCC) is the codename for an open standard project, originally proposed by Citi and now open source under FINOS, to describe consistent controls for compliant public cloud deployments in the financial services sector.

This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).

By developing a unified taxonomy of common services and associated threats, the project also sets out to alleviate the systemic risk of cloud concentration, an issue highlighted in recent reports from the U.S. Department of the Treasury, the UK HMT, the European Council, and the Monetary Authority of Singapore


Read the 27 July 2023 Formation Announcement

Read the 24 October 2023 Open Sourcing Announcement

2023-10-23 - FINOS Announces the Open Sourcing of FINOS Common Cloud Controls to Address Cybersecurity, Compliance and Cloud Concentration Risks in Financial Services


Why is this important?

A cloud control standard is urgently needed to enhance security and governance protocols in the financial services sector, as well as to streamline and universalize access for all institutions to efficiently utilize the public cloud. Cooperating amongst financial services peers and CSPs is crucial to ensure uniformity across various cloud service providers, thereby enabling the industry to implement effective multi-cloud strategies.

Owing to the intricate nature and economic implications of this task, no single service provider, financial entity, or regulatory body can precisely outline what constitutes a compliant financial cloud deployment. The only viable path is through open engagement among stakeholders.

Moreover, from a security standpoint, by coordinating the measures specific to a service-oriented threat model, we can systematically apply controls that correspond to the actual threats we seek to neutralize.


Download the FINOS Common Cloud Controls Project Deck for more details

Screen Shot 2023-07-26 at 4.53.21 PM


How to get involved

The project is inviting participation from financial institutions globally, CSPs, fintech and technology vendors, industry associations, and regulators to ensure broad representation of all constituents involved in the shared responsibility model. You can participate in the project in Github or fill the form below to get in touch with the FINOS team.

Fill out the form if you want to learn more about the FINOS Common Cloud Controls project.