CADF Cloud Auditing Data Federation

The Cloud Auditing Data Federation (CADF) standard defines a full event model anyone can use to fill in the essential data needed to certify, self-manage and self-audit application security in cloud environments.

Potential consumers of cloud deployments need assurance that the security policies they require on their applications are as consistently managed and enforced “in the cloud” as they would be in their enterprise. CADF is an open standard that addresses this need by enabling cross-vendor information sharing via its data format and interface definitions.

Supporting the federation of normative audit event data to and from cloud providers, CADF delivers new levels of insight into the provider’s hardware, software, and network infrastructure used to run specific tenant applications in a multi-vendor environment – whether private, public or hybrid.

With a robust query interface that can be extended to reflect the unique resources of each provider, this standard also defines a means to attach domain-specific identifiers, event classification values, and tags that can be used to dynamically generate customized logs and reports for cloud subscribers or customers. In addition, CADF goes beyond log-based periodic audits to offer the ability to perform real-time performance metering and monitoring, which can be used to assure customer Quality-of-Service.

CADF is part of DMTF’s Cloud Management Initiative, which is focused on developing interoperable cloud infrastructure management standards and promoting the adoption of those standards in the industry.

CADF has been implemented in pyCADF: A Python-based CADF Library, used by OpenStack (implementations are shared by way of example only, and is not endorsed nor tested by DMTF).

Get Involved

Work on the CADF standard takes place in the DMTF’s CADF Working Group. Learn more and join DMTF to participate.

DMTF welcomes feedback on our standards, but requires that individuals submitting comments first agree to our DMTF Feedback Policy.


DMTF Specifications

DSP # Version Title Date Comments Versions
DSP2038 1.1.0 Cloud Audit Data Federation - OpenStack Profile (CADF-OpenStack) 16 Apr 2015 Informational View
DSP0262 1.0.0 Cloud Auditing Data Federation (CADF) - Data Format and Interface Definitions Specification 19 Jun 2014 Standard View

White Papers and Technical Notes

DSP # Version Title Date Comments Versions
DSP2038 1.0.0 Cloud Audit Data Federation - OpenStack Profile (CADF-OpenStack) 16 Sep 2014 Informational View

Historical Documents

DSP # Version Title Date Comments
DSP2028 1.0.0a Cloud Auditing Data Federation (CADF) Use Case White Paper 27 Jun 2012 Historical

Open Source Projects using DMTF CADF Technologies

DMTF technologies are leveraged in numerous third-party open source projects. If you are aware of any additional projects using DMTF technologies that are not included below, please contact us so we can add them to the list.
Open Source Project Description of Tool
OpenStack Ceilometer

The Ceilometer project is a data collection service that provides the ability to normalize and transform data across all current OpenStack core components with work underway to support future OpenStack components.

OpenStack Keystone

Keystone provides notifications about usage data so that 3rd party applications can use the data for billing, monitoring, or quota purposes. This document describes the current inclusions and exclusions for Keystone notifications.

OpenStack Monasca

Monasca is a open-source multi-tenant, highly scalable, performant, fault-tolerant monitoring-as-a-service solution that integrates with OpenStack. It uses a REST API for high-speed metrics processing and querying and has a streaming alarm engine and notification engine.