WAF++ Logo WAF++
Positioning

Why not X?

There are already strong frameworks — and that’s a good thing. WAF++ does not exist to replace them, but to make governance, traceability, and vendor-neutral multi-cloud decision-making a first-class objective.

Framework Comparison → 7 Pillars Governance
Short answer
When is WAF++ the right choice?

You need to decide across providers

If architectural decisions don’t happen within a single cloud provider (or you take exit capability seriously), you need a neutral lens.

You want decisions to be auditable

WAF++ relies on evidence, RFCs, and transparent trade-offs — making reviews, audits, and long-term operations significantly easier.

You want governance & community processes

Maintainers, working groups, and a TSC are part of the system — not “maybe later”.

Principle
WAF++ doesn’t replace — it complements

Many teams already use AWS Well-Architected, Azure CAF, or GCP frameworks — and should keep doing so. WAF++ positions itself as an “overlay”: vendor-neutral, governance-first, and focused on sovereign multi-cloud architectures.

Provider Frameworks
Why not AWS Well-Architected / Azure CAF / GCP Framework?

What these frameworks do really well

  • Concrete, product-aligned recommendations (services, implementation)
  • Operationalization within a single ecosystem
  • Lots of references, tools, and quick wins

Where the limits are (for your problem space)

  • Provider-bound (neutral comparison is not the goal)
  • No community-driven governance / RFC processes
  • Sovereignty & exit capability often not treated as a “first-class” pillar

How WAF++ complements

WAF++ provides a neutral assessment lens you can apply to AWS/Azure/GCP — including governance, evidence requirements, and roadmap-driven evolution. Provider frameworks remain valuable sources for concrete implementation guidance.

Open Source
Why not CNCF alone?

What CNCF provides

  • Ecosystem + standards + best practices
  • Project governance as a proven model
  • TAGs & references for cloud-native topics

What CNCF does not aim to be

  • No single, consistent assessment framework
  • No “one-size-fits-all” scoring logic
  • No framework that defines auditability as an artifact standard

How WAF++ leverages CNCF proximity

WAF++ aligns with CNCF governance principles (working groups, maintainers, TSC) and focuses on the missing link: assessment, criteria, evidence, and traceable decisions across provider boundaries.

Standards
Why not ISO/NIST/BSI as the only foundation?

Strengths

  • Legally robust and audit-ready standards
  • Strong foundation for controls and compliance
  • Widely accepted terminology

Limitations

  • Often too abstract for day-to-day architecture decisions
  • Limited guidance on trade-offs and operational reality
  • Little “cloud-native” orientation as a pattern lens

The WAF++ approach

WAF++ does not aim to replace standards, but to translate them into a practical assessment structure — with questions, evidence, and reference models. This makes “compliance” compatible with engineering.

Practical guidance
How to use WAF++ together with X

With AWS/Azure/GCP

Use WAF++ as a neutral assessment lens. Use provider frameworks for concrete service and implementation guidance.

With CNCF

Use CNCF as the ecosystem & best practices. Use WAF++ for assessment, scoring, and governance processes.

With standards

Use ISO/NIST/BSI as the control foundation. Use WAF++ to operationalize them for architecture & platform teams.

Next step

If you want to see where WAF++ clearly differs, take a look at the comparison — or jump straight into the active pillars.

Comparison → Pillars →