Wells Fargo Technology Controls Cube

• The Technology Controls Cube defines controls across three dimensions to establish clear accountability and ensure completeness of coverage
• Controls – Defines the requirement
• Operations – Defines how the control is implemented and who is responsible for implementing the control
• Technology Stack – Defines where the control is implemented in the technology stack

[Figure: Technology Controls Cube. Axis labels: Controls, Operations, Tech Stack. Labels shown: Business Controls, Regulatory Controls, Security Controls; Applications, Data Services, IT Management Services, Security Services, Platform Services, Infrastructure Services.]

Full Stack Automation (FSA) Scope for DevSecOps

Controls deployed in a uniform manner across the technology stack by leveraging Full Stack Automation

• Cross-organizational, engineering practice and capability that breaks down barriers and establishes collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production
• Encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort – from Sunrise to Sunset
• Provides built-in security controls through automation of the software development lifecycle along with enablement of security monitoring and integration with cyber threat management

Full Stack Automation (FSA) for DevSecOps

[Figure: Full Stack Automation for DevSecOps. Labels shown:
IT Management Services: Supply Chain / Vendor Management; Change Management; Incident, Event/Problem Management; Release/Deploy Management; IT Financial Management; Asset/Configuration Management; Knowledge Management.
Full Stack Automation: App; Infrastructure; Platform (middleware); Templates; Security; Images; Artifact Repository; Environment; Libraries; App Configs; Virtual Perimeter; CI; CD; PaaS; Orchestrator; IaaS; Testing; VCS; Accounts, sub-nets, network isolation, Encryption, IAM.
Security Services: Application Information Security; Cyber Defense Management Center; Identity / Access Management; Information Security Risk Management; Infrastructure Information Security; Workforce Accountability; Third Party Information Security; Vulnerability Management.]

Controls

The Security Controls are a baseline of the FedRAMP controls in NIST SP 800-53 tailored to Wells Fargo’s environment, standards, and responsibilities in developing and maintaining our cloud services. FedRAMP is a highly regarded controls framework in the security and risk community that allows for traceability to our various regulatory requirements and industry-recognized risk management frameworks. The Security Controls form the baseline of controls from which business controls and regulatory controls can be layered.

Technology Stack and Operations

The “Technology” and “Operations” components of the Technology Controls Cube are in alignment with the services and capabilities outlined in the Wells Fargo IT Service Model and the Wells Fargo IT Capability Model.