Abstract: Technology is shown for establishing a chain of trust for an unknown root certificate in an isolated network that is verified using a chain of trust external to the network. A bootstrap executable and a leaf certificate rooted in the external chain of trust are configured with an OID. The leaf certificate is received in the isolated network and used to sign a new root certificate created in the isolated network to create a blob that is stored in a pre-determined location. The bootstrap executable is executed to instantiate a client machine, which retrieves the blob and verifies its signature using the leaf certificate. The client machine verifies that the OID values from the blob and bootstrap executable match. If the signature and OID checks are successful, then the new root certificate is distributed within the isolated network and installed in a PM certificate chain of trust.

Abstract: Technology is shown for dynamically attaching secure properties to an identity certificate. Claims determining secure properties for an identity are signed and embedded in an identity certificate. Both the identity certificate and the signed claims in the certificate are verified. When a service request is received from the identity, the signed claims from the identity certificate are checked to determine if the request is permitted. If the request is permitted, then the service request is processed. Some examples involve creating claims determining the secure properties for the remote machine, signing the claims to create the signed claims, distributing the signed claims to a certificate authority, embedding the signed claims in the remote machine identity certificate, and distributing the remote machine identity certificate. The claims can be embedded in the certificate as X.509 properties.

Abstract: A compliance user or auditor is enabled to inject failures into a sandbox environment, which may be similar to a production service. The sandbox environment may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

Abstract: A compliance user or auditor is enabled to inject failures into a sandbox environment, which may be similar to a production service. The sandbox environment may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

Abstract: A compliance user or auditor is enabled to inject failures into a sandbox environment which may be similar to a production service. The sandbox environment, may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

Abstract: A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata is included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data is used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: A cloud service system may activate features or functionality based on agreement of at least two parties such as a system administrator and a compliance officer to mitigate compliance, security, or privacy impact on the service. The controllers may make the “enable feature” decision independently, but still have equal say in the outcome. In some examples, pre-established profiles may be provided to a controller such as a compliance officer to make decisions by selection on his/her behalf at a particular level of risk acceptance and/or to meet a particular regulatory standard/certification.

Abstract: Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: A compliance user or auditor is enabled to inject failures into a sandbox environment which maybe similar to a production service. The sandbox environment, may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

Abstract: A compliance user or auditor is enabled to inject failures into a sandbox environment, which may be similar to a production service. The sandbox environment may be monitored by the same automation that watches compliance controls in the production service. As the user injects compliance failures into the sandbox, they may detect the appropriate alerts fire in the monitoring system, thereby gaining trust that the monitoring works as it should. A rich report resulting from the test activities may allow the user or auditor to see how a failure of a compliance control leads to the expected monitoring alert.

Abstract: Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: A computer-implemented method for allocating threads includes: receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.