FINOS Common Cloud Controls Project Resources

Explore key FINOS CCC resources including documentation, GitHub repositories, videos, and more to help you understand, implement, and contribute to the project.

FINOS CCC LINKS

Get Involved with FINOS CCC

The FINOS CCC documentation site offers concrete ways to get involved and in depth information.

FINOS CCC GitHub Repo

FINOS CCC is maintained and run through GitHub. Check the issues to see if there's anything you'd like to work on.

Common Controls for AI Services Press Release

BMO, Citi, Microsoft, Morgan Stanley, RBC, Google Cloud, Red Hat, AWS and others join forces to set secure, standardized AI controls for financial services.

How To Contribute

Become a project contributor by sharing your experience and best practises with the community

FINOS CCC VIDEOS

Announcing Common Controls for AI Services (CC4AI)

An open, collaborative project to create technology-neutral baseline standards for AI usage across cloud and hybrid environments, peer-reviewed governance frameworks and Real-time validation mechanisms (“Regulation-as-Code”).

Before You Build, Check What You Have: Practical Approaches To Assess Compliance Before Enforcement

Rather than prescribing a single solution, the session offers early design perspectives, implementation considerations, and practical observations based on real-world infrastructure patterns. The aim is to support adaptable, insight-driven CCC adoption that reduces risk and accommodates diverse organizational contexts, including hybrid and regionally governed environments.

Declarative by Default, Secure by Design: GitOps as a Control Plane for AI Governance

At the dawn of responsible, auditable, and explainable use of AI in financial services, the FINOS AI Governance Framework (AIGF) and Common Cloud Controls (CCC) define how compliant AI and secure cloud operations must look. However, implementing and preserving these frameworks and standards at scale is impossible, without relentless automation.

The Need for an Open Regulatory Blueprint

On this panel, leaders from Citi, Google Cloud, and BMO will discuss updates on the recently open sourced FINOS CCC project, and the need for a set of open standards that describes consistent controls for compliant cloud deployments to alleviate cybersecurity threats, compliance costs, a fragmented regulatory landscape, cloud concentration, and more.

The Need for an Open Source Public Cloud Standard

As the pace of cloud adoption accelerates in a highly fragmented global regulatory landscape, FINOS CCC aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers.

From CCC To Automated Cloud Detections and Remediations With Prowler and AI

In this hands-on workshop, you’ll learn how to bring Common Cloud Controls (CCC) to life through automation, using open source tools and AI.

Cloud Controls are Out of Control

This talk delves into the evolution of public cloud controls, highlighting one bank's journey from open-source tools to contemporary Cloud Security Posture Management (CSPM) services, and exploring the pain points that remain.

Building & Validating with Common Cloud Controls

In this presentation we will witness the first public demonstration of value from CCC through partnership with its sister project: Compliant Financial Infrastructure (CFI).

FINOS CCC DOCUMENTS

Contributing to Common Controls for AI

Introducing FINOS CCC

This is a short introduction to FINOS CCC

FINOS CCC - RESOURCES

Defining Best Practices Around Cloud Security

Introducing Common Controls for AI Services

FINOS CCC RESOURCES

FINOS CCC LINKS

FINOS CCC VIDEOS

FINOS CCC DOCUMENTS

Want to learn more about FINOS CCC or other FINOS Projects?