To learn about Compliance Masonry at a high level:
Modern applications are built on existing systems such as S3, EC2, and Cloud Foundry. Documentation for how these underlying systems fulfill NIST controls or PCI SSC Data Security Standards is a prerequisite for receiving an authorization to operate (ATO). Unlike most System Security Plan documentation, Compliance Masonry documentation is built using OpenControl Schema, a machine-readable format for storing compliance documentation.
Compliance Masonry simplifies the process of producing certification documentation by providing:
- a data store for certifications (e.g., FISMA), standards (e.g., NIST-800-53), and the individual system components (e.g., AWS-EC2).
- a way for government projects to edit existing files and also add new control files for their applications and organizations.
- a pipeline for generating clean and standardized certification documentation.
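As an added illustration of the machine-readable data store and the documentation pipeline described above (example code written for this page, not part of Compliance Masonry itself), the script below holds a constructed certification and two constructed components in the shape of OpenControl YAML files and reports which required controls no component fully covers. The field names (`satisfies`, `standard_key`, `control_key`, `implementation_status`, `narrative`) follow the OpenControl component schema as I understand it; the control selection and narratives are constructed sample data, and real Masonry reads these structures from YAML files on disk.

```python
# Constructed certification: the controls an ATO requires, in the shape of an
# OpenControl certification file (in practice loaded from YAML).
CERTIFICATION = {
    "name": "FISMA-moderate-sample",
    "standards": {"NIST-800-53": {"AC-2": {}, "AC-6": {}, "AU-2": {}, "SC-7": {}}},
}

# Constructed components: each "satisfies" entry ties the component to one control.
COMPONENTS = [
    {"name": "AWS-EC2", "satisfies": [
        {"standard_key": "NIST-800-53", "control_key": "AC-2",
         "implementation_status": "complete",
         "narrative": [{"text": "Accounts are managed in IAM and reviewed quarterly."}]},
        {"standard_key": "NIST-800-53", "control_key": "SC-7",
         "implementation_status": "partial",
         "narrative": [{"text": "Security groups restrict inbound traffic."}]},
    ]},
    {"name": "Cloud-Foundry", "satisfies": [
        {"standard_key": "NIST-800-53", "control_key": "AC-6",
         "implementation_status": "complete",
         "narrative": [{"text": "Org and space roles enforce least privilege."}]},
    ]},
]


def coverage(certification, components):
    """Map every (standard, control) the certification requires to the list of
    (component, implementation_status) pairs that claim it; [] means a gap."""
    result = {(std, ctl): [] for std, ctls in certification["standards"].items()
              for ctl in ctls}
    for comp in components:
        for s in comp.get("satisfies", []):
            key = (s["standard_key"], s["control_key"])
            if key in result:  # controls outside the certification are ignored
                result[key].append((comp["name"], s.get("implementation_status", "unknown")))
    return result


def gaps(certification, components):
    """Controls no component claims, or that only have non-complete claims."""
    return sorted(key for key, claims in coverage(certification, components).items()
                  if not any(status == "complete" for _, status in claims))


if __name__ == "__main__":
    for std, ctl in gaps(CERTIFICATION, COMPONENTS):
        print(f"gap: {std} {ctl}")
```

With the constructed data, AU-2 (no component claims it) and SC-7 (only a partial claim) are reported as gaps, which is the kind of list an assessor wants before the ATO package is generated.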
See this list of OpenControl project examples.
Take a look at the installation instructions if you'd like to run Masonry locally.