Framework Comparison
An objective comparison of key characteristics across cloud frameworks. The goal is not competition, but context — WAF++ complements existing approaches with governance, transparency, and a sovereign multi-cloud perspective.
Where WAF++ stands alone
Three capabilities no other framework in this comparison covers fully — the reasons WAF++ exists alongside them, not instead of them.
Data residency, vendor lock-in avoidance, and exit strategies are not an afterthought — Pillar 7 is sovereign by design. No other framework in this comparison treats this as a primary, scoreable concern.
Every framework decision goes through a documented RFC — traceable, challengeable, and versioned. Provider frameworks update silently. WAF++ requires evidence for every rule, making governance a transparent artifact.
CNCF has open governance but no assessment framework. Provider frameworks have assessments but are vendor-bound. WAF++ is the only option with both — vendor-neutral scoring and community-driven TSC governance.
Side-by-side comparison
Seven criteria across five frameworks. WAF++ is highlighted — not to win, but to show where it uniquely adds value.
| Criterion | WAF++ | AWS WA | Azure CAF | GCP Framework | CNCF |
|---|---|---|---|---|---|
| Vendor-neutral | |||||
| Governance model (TSC / Maintainers / WGs) | |||||
| Assessment framework | |||||
| Multi-cloud focus | Partial | Partial | Partial | ||
| Sovereignty & exit capability as a pillar | Partial | ||||
| Auditability & traceability (evidence, RFCs) | Partial | Partial | Partial | Partial | |
| Provider tooling as part of the framework |
What does this mean in practice?
The table shows capability coverage, not a winner. The right framework depends on your problem — here's how to pick.
AWS WA, Azure CAF, and GCP Framework are the right choice for deep, service-aligned implementation guidance within a single provider. They know their products — use that. WAF++ is not a replacement for this.
When architectural decisions span providers — or need to survive a future migration — WAF++ gives you the neutral lens. Principles, evidence, and traceable decisions that don't depend on which provider you're with today.
CNCF provides the ecosystem and best practices. WAF++ builds on that proximity and adds the missing piece: a structured assessment model with scoring, criteria, and a governance process that produces auditable evidence.
Ready to go deeper?
Read the full positioning context on the Why-not page — or jump straight into the 7 pillars to see what WAF++ covers in practice.