Primary Authors: @onlydole
Approved on: April 6th, 2023
Reviewed and contributed to by:
- Biweekly on Thursdays @ 10 AM Pacific Time
This charter describes the operations of the CNCF Public Sector User Group, which focuses on developing and sharing cloud native practices for public sector organizations that are building and operating cloud native infrastructure or applications.
This user group (UG) produces supporting material and best practices for end users in the public sector and provides guidance and coordination for CNCF projects working within the group's scope.
The mission of the CNCF Public Sector User Group is to:
- Collaborate on areas related to developing, distributing, deploying, managing and operating secure cloud native workflows that can be used by organizations in the public sector vertical. Develop informational resources including guides, tutorials, and white papers to give the community an understanding of best practices, trade-offs, and value-adds.
- Identify useful CNCF projects and contexts.
- Share information about gaps and opportunities for improvement with the CNCF ecosystem.
The CNCF Public Sector User Group focuses on the following topics of the lifecycle of cloud-native applications:
- Isolated Environment Cloud Native Computing
- An isolated environment is an environment that, because of locality or security constraints, is never connected to a broader network (airgapped) and must therefore be provisioned and maintained through media transfer (sneakernet).
- Far Edge Cloud Native Computing
- The far edge refers to systems that, because of size, weight, and power (SWAP) or locality constraints, are limited in scalability of computing resources and in connectivity to broader networks.
- Limited Access Cloud Native Computing
- Limited access refers to cloud environments that, because of security classification or citizenship requirements, have physical connectivity restrictions and specialized regulatory approvals for data processing.
The group will work on developing best practices, fostering collaboration between related projects, working on improving tool interoperability, as well as proposing new initiatives and projects when blank spots in the current landscape are identified.
For CNCF projects, the Public Sector User Group engages with, amongst others, those focused on application management, for example:
- Guidance on meeting different government compliance requirements (US-specific examples include FIPS 140-2 and FedRAMP)
Anything not explicitly considered in the scope above. Examples include:
- Discussion of restricted information, such as export-controlled information. Separate non-CNCF sessions can be organized by User Group members that meet participant government requirements.
- Track CNCF Project adoption of White House Executive Order on Improving the Nation’s Cybersecurity guidance.
- Provide guidance on governance models for CNCF sensitive projects that address steering concerns within the spirit of open source.
- Open Source Memo on the benefits of open source and where the risk profile lies for CNCF projects.
- Breaking down regulatory guidance and mapping to CNCF projects / gaps
- Collate and recommend data standards and formats for open source transparency (licensing, SBOM, build infra, contributors, governance).
- Break down Government Open Source Requirements and mapping implementation of capabilities to CNCF projects.
- Mapping compliance of security or other items from Government requirements (WH Executive Order 14028) to CNCF Project processes to show what CNCF projects are compliant.
The Public Sector is a broad vertical within Cloud Native computing; therefore this TAG may collaborate with other CNCF UGs, TAGs, and projects on various efforts.