security auditing and compliance in OpenStack environments
Hi everyone,
I'm currently working on my end-of-studies project focused on security auditing and compliance in OpenStack environments.
As part of this project, I'm exploring how OpenStack deployments can align with compliance frameworks, especially SecNumCloud (from the French cybersecurity agency ANSSI). However, I'm also very interested in hearing about any tools, methods, or practices used for other standards (ISO 27001, CIS, FedRAMP, etc.).
I'm still new to OpenStack and cloud compliance in general, and I'm finding it challenging to identify practical tools or workflows that companies actually use to perform security audits or compliance checks in OpenStack.
If you're using (or have used) any tools, scripts, checklists, middleware, SIEM integrations, etc. for auditing OpenStack security or compliance I would be incredibly grateful if you could share your experience or point me in the right direction 🙏
Thank you so much in advance!
Best regards,
On 4/7/25 17:24, acc.bu.mo@gmail.com wrote:
> Hi everyone,
> I'm currently working on my end-of-studies project focused on security auditing and compliance in OpenStack environments.
> As part of this project, I'm exploring how OpenStack deployments can align with compliance frameworks, especially SecNumCloud (from the French cybersecurity agency ANSSI). However, I'm also very interested in hearing about any tools, methods, or practices used for other standards (ISO 27001, CIS, FedRAMP, etc.).
> I'm still new to OpenStack and cloud compliance in general, and I'm finding it challenging to identify practical tools or workflows that companies actually use to perform security audits or compliance checks in OpenStack.
> If you're using (or have used) any tools, scripts, checklists, middleware, SIEM integrations, etc. for auditing OpenStack security or compliance I would be incredibly grateful if you could share your experience or point me in the right direction 🙏
> Thank you so much in advance!
> Best regards,
Hi,
Maybe this document is an interesting read:
https://cyber.gouv.fr/sites/default/files/document/anssi-guide-openstack_v1-...
Though it's in French, and has some defects (like reporting things that shouldn't, and some not reported that should be), it may be a good start.
I hope that helps,
Cheers,
Thomas Goirand (zigo)
participants (2): acc.bu.mo@gmail.com, Thomas Goirand