(Note: A list of links for all articles in this series can be found at the conclusion of this article.)
In the last two blog posts of this multi-part series on continuous compliance, we presented Compliance Policy Administration Centers (CPAC), which facilitate the management of the various compliance artifacts that connect Regulatory Policies expressed as Compliance-as-Code with technical policies implemented as Policy-as-Code. This bridging is the key enabler of end-to-end continuous compliance: from authoring controls and profiles, to mapping them to technical policies and rules, to collecting assessment results from the policy engines, and finally to aggregating those results against regulatory compliance into an encompassing posture for the whole environment. A critical limitation that surfaces for compliance teams is their shortage of technical resources and skills, which makes the task of bridging into technology-level programmatic rules, checks, and evidence collection extremely challenging.