The goal of the ACE Working Group of the Security Forum is to develop an Automated Compliance Expert (ACE) standard which will provide an XML based compliance knowledge-base, from which cost-effective compliance automation tools can be built. The ACE project was launched in our Security Forum meeting in Munich, on Wed Oct 22nd 2008:
- See the 1-sheet ACE-WG Quick Reference Guide
- Read the ACE-WG Charter

We welcome new members with expertize as subject vendors or users, who are interested in contributing to this development activity, either
- as a lead contributor and subject expert
- as a reviewer.
If you, or your colleagues or business partners, are interested, contact us.

Why join this WG?

The ACEML draft standard is now ready for Company Review, leading to approval for publication as an Open Group standard.  The review period starts on August 30th 2010 and closes on September 26th 2010.  This review is only accessible to Open Group members.

The 1-sheet Quick Reference Guide gives a a high level view of The Open Group’s proposed Automated Compliance Expert (ACE) Compliance Standard, including:
- links to related information on existing standards work on compliance
- the distinctive value-add the ACE-WG will deliver
- contact details on how to get involved

The Charter explains in more detail the context, scope, benefits (and to whom - suppliers and customers), deliverables, market, roadmap, and timeframe, in some detail. In summary, the business case is that according to AMR and Gartner Group, in 2009 companies in North America alone are estimated to spend over 0-billion on regulatory compliance, and will spend around -billion on technology solutions to solve their compliance requirements. The cost worldwide is huge, and the need to comply is not an option. Reducing this cost is therefore a business imperative.

The key components needed to reduce the cost of compliance are
- automation
- a consistent reproducible process.
The ACE-WG will deliver both, by creating an XML knowledge-base format which can be consumed by compliance tools. These tools will be able to achieve the high degree of automated compliance configuration and monitoring. This in turn will reduce the cost of compliance for end users and increase security consistency amongst their IT systems.

There are a number of different compliance standards, and there are many areas of compliance within these standards. Not all elements of compliance can be automated. However, many of the compliance standards have overlapping guidance in the area of IT security and configuration. The ACE standard will lead the way in providing an XML based compliance knowledge-base from which cost-effective compliance automation tools can be built.