CADF Cloud Auditing Data Federation Working Group (CADF)
The Cloud Auditing Data Federation Working Group (CADF) sets out to resolve major problems with the inconsistency, incompatibility, and even inability of existing cloud and service audit interfaces, technologies, and tools. We will do this by standardizing audit events across all cloud and service providers, and by making audit events comprehensible, consistent, shareable, and merge-able.
David Corlette, NetIQ Corporation
Matthew Rutkowski, IBM
Problem Space and Environment
Concerns over cloud provider security remain one of the top inhibitors to adoption of cloud deployment models. Potential consumers of cloud deployments understand and need assurance that the security policies they require on their applications are consistently managed and enforced “in the cloud” as they would be in their enterprise.
A cloud provider’s ability to provide specific audit event, log and report information on a per-tenant and application basis is essential. It is apparent that in order to meet these customer expectations, cloud providers must provide standard mechanisms for their tenant customers to self-manage & self audit application security that includes information about the provider’s hardware, software and network infrastructure used to run specific tenant applications.
We propose that the best way to address these requirements is by developing open standards for cloud auditing. These standards would support the submission and retrieval of normative audit event data from cloud providers in the form of customized reports and logs that can be dynamically generated for cloud customers using their criteria. Adoption of such open standards by cloud providers’ management platforms would go far to instill greater trust in “cloud hosted applications” and be a significant step forward in fulfilling the promise of an open cloud marketplace.
Visit the CADF Workspace (members-only).
Latest Specification and Profiles
Note: These implementations are by way of example only, and are not endorsed nor tested by DMTF.
Upcoming Workgroup Deliverables
|DMTF Standard Publication Identifier||Document Title||Target Version||Target Release Date|
|DSP2038||CADF Profile For OpenStack||1.0.0||2014Q3|
|DSP2039||Syslog Profile of CADF||1.0.0||TBD|
|DSP2040||XDAS Profile of CADF||1.0.0||TBD|
White Papers and Technical Notes
Work in Progress Documents
|DSP #||Version||Title||Date||Comments||Expiration Date|
|DSP2028||1.0.0a||Cloud Auditing Data Federation (CADF) Use Case White Paper||27 Jun 2012|
|DSP0262||1.0.0c||Cloud Audit Data Federation (CADF) - Data Format and Interface Definitions Specification||24 Feb 2014||
|DSP0262||1.0.0b||Cloud Audit Data Federation (CADF) - Data Format and Interface Definitions Specification||8 Jul 2013||
|DSP0262||1.0.0a||Cloud Auditing Data Federation (CADF) - Data Format and Interface Definitions Specification||17 Oct 2012||
Search for Standards
Recent CADF News
DMTF Feedback Policy
The DMTF welcomes feedback on our standards, but requires that individuals submitting comments first agree to our DMTF Feedback Policy.
Subscribe to Cloud Announcements List
Subscribe to the Cloud Announcements List to receive updates on news and activity.
Contact CADF WG
For questions, please complete our Contact a Working Group form.