Cloud Control Matrix

1
Human Resources (12) Asset Returns Background Screening Employment Agreements Employment Termination Industry Knowledge / Benchmarking Mobile Device Management Non-Disclosure Agreements Roles / Responsibilities Technology Acceptable Use Training / Awareness User Responsibility Workspace Governance and Risk Management (3) Risk Assessments Risk Management Framework Risk Mitigation / Acceptance Identity & Access Management (13) Audit Tools Access Credential Lifecycle / Provision Management Diagnostic / Configuration Ports Access Policies and Procedures Segregation of Duties Source Code Access Restriction Third Party Access Trusted Sources User Access Authorization User Access Reviews User Access Revocation User ID Credentials Utility Programs Access Infrastructure & Virtualization Security (12) Audit Logging / Intrusion Detection Change Detection Clock Synchronization Information System Documentation Management - Vulnerability Management Network Security OS Hardening and Base Conrols Production / Non-Production Environments Segmentation VM Security - vMotion Data Protection VMM Security - Hypervisor Hardening Wireless Security Interoperability & Portability (5) APIs Data Request Policy & Legal Standardized Network Protocols Virtualization Mobile Security (20) Anti-Malware Application Stores Approved Applications Approved Software for BYOD Awareness and Training Cloud Based Services Compatibility Device Eligibility Device Inventory Device Management Encryption Jailbreaking and Rooting Legal Lockout Screen Operating Systems Passwords Policy Remote Wipe Security Patches Users Security Incident Management, E- Discovery & Cloud Forensics (5) Contact / Authority Maintenance Incident Management Incident Reporting Incident Response Legal Preparation Incident Response Metrics Threat and Vulnerability Management (3) Anti-Virus / Malicious Software Vulnerability / Patch Management Mobile Code Application & Interface Security (4) Application Security Customer Access Requirements Data Integrity Data Security / Integrity Business Continuity Management & Operational Resilience (12) Business Continuity Planning Business Continuity Testing Datacenter Utilities / Environmental Conditions Documentation Environmental Risks Equipment Location Equipment Maintenance Equipment Power Failures Impact Analysis Management Program Policy Retention Policy Change Control & Configuration Management (5) New Development / Acquisition Outsourced Development Quality Testing Unauthorized Software Installations Production Changes Data Security & Information Lifecycle Management (8) Classification Data Inventory / Flows eCommerce Transactions Handling / Labeling / Security Policy Information Leakage Non-Production Data Ownership / Stewardship Secure Disposal Datacenter Security (9) Asset Management Controlled Access Points Equipment Identification Off-Site Authorization Off-Site Equipment Policy Secure Area Authorization Unauthorized Persons Entry User Access Encryption & Key Management (4) Entitlement Key Generation Sensitive Data Protection Storage and Access Cloud Control Matrix 3.0 Audit Assurance and Compliance (3) Audit Planning Independent Audits Information System Regulatory Mapping Supply Chain Management, Transparency and Accountability (9) Data Quality and Integrity Incident Reporting Network / Infrastructure Services Provider Internal Assessments Supply Chain Agreements Supply Chain Governance Reviews Supply Chain Metrics Third Party Assessment Third Party Audits Allen Zhang HMSA 2014 V1

Transcript of Cloud Control Matrix

Page 1: Cloud Control Matrix

Human Resources(12)Asset ReturnsBackground ScreeningEmployment AgreementsEmployment TerminationIndustry Knowledge / BenchmarkingMobile Device ManagementNon-Disclosure AgreementsRoles / ResponsibilitiesTechnology Acceptable UseTraining / AwarenessUser ResponsibilityWorkspace

Governance and Risk Management(3)Risk AssessmentsRisk Management FrameworkRisk Mitigation / Acceptance

Identity & Access Management(13) Audit Tools AccessCredential Lifecycle / Provision ManagementDiagnostic / Configuration Ports AccessPolicies and ProceduresSegregation of DutiesSource Code Access RestrictionThird Party AccessTrusted SourcesUser Access AuthorizationUser Access ReviewsUser Access RevocationUser ID CredentialsUtility Programs Access

Infrastructure & Virtualization Security(12)Audit Logging / Intrusion DetectionChange DetectionClock SynchronizationInformation System DocumentationManagement - Vulnerability ManagementNetwork SecurityOS Hardening and Base ConrolsProduction / Non-Production EnvironmentsSegmentationVM Security - vMotion Data ProtectionVMM Security - Hypervisor HardeningWireless Security

Interoperability & Portability(5)APIsData RequestPolicy & LegalStandardized Network ProtocolsVirtualizationMobile Security(20)Anti-MalwareApplication StoresApproved ApplicationsApproved Software for BYODAwareness and TrainingCloud Based ServicesCompatibilityDevice EligibilityDevice InventoryDevice ManagementEncryptionJailbreaking and RootingLegalLockout ScreenOperating SystemsPasswordsPolicyRemote WipeSecurity PatchesUsersSecurity Incident Management, E-Discovery & Cloud Forensics(5)Contact / Authority MaintenanceIncident ManagementIncident ReportingIncident Response Legal PreparationIncident Response Metrics

Threat and Vulnerability Management(3)Anti-Virus / Malicious SoftwareVulnerability / Patch ManagementMobile Code

Application & Interface Security(4)Application SecurityCustomer Access RequirementsData IntegrityData Security / Integrity

Business Continuity Management & Operational Resilience(12)Business Continuity PlanningBusiness Continuity TestingDatacenter Utilities / Environmental ConditionsDocumentationEnvironmental RisksEquipment LocationEquipment MaintenanceEquipment Power FailuresImpact AnalysisManagement ProgramPolicyRetention Policy

Change Control & Configuration Management(5)New Development / AcquisitionOutsourced DevelopmentQuality TestingUnauthorized Software InstallationsProduction Changes

Data Security & Information Lifecycle Management (8)ClassificationData Inventory / FlowseCommerce TransactionsHandling / Labeling / Security PolicyInformation LeakageNon-Production DataOwnership / StewardshipSecure Disposal

Datacenter Security(9)Asset ManagementControlled Access PointsEquipment IdentificationOff-Site AuthorizationOff-Site EquipmentPolicySecure Area AuthorizationUnauthorized Persons EntryUser Access

Encryption & Key Management(4)EntitlementKey GenerationSensitive Data ProtectionStorage and Access

Cloud Control Matrix 3.0

Audit Assurance and Compliance(3)Audit PlanningIndependent AuditsInformation System Regulatory Mapping

Supply Chain Management, Transparency and Accountability(9)Data Quality and IntegrityIncident ReportingNetwork / Infrastructure ServicesProvider Internal AssessmentsSupply Chain AgreementsSupply Chain Governance ReviewsSupply Chain MetricsThird Party Assessment Third Party Audits

Allen ZhangHMSA

2014 V1

1. Barracuda Cloud Control - Overview · Barracuda Cloud Control - Overview Searching Barracuda Cloud Control Barracuda Cloud Control is a comprehensive cloud-based service that enables

1. Barracuda Cloud Control - Overview · Barracuda Cloud Control - Overview Searching Barracuda Cloud Control Barracuda Cloud Control is a comprehensive cloud-based service that enables

THE CLOUD NATIVE MATURITY MATRIX ASSESSMENT

THE CLOUD NATIVE MATURITY MATRIX ASSESSMENT

Trust in Cloud · 2020. 5. 20. · CCM V3.0 Control ID Updated Control Specification The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental

Trust in Cloud · 2020. 5. 20. · CCM V3.0 Control ID Updated Control Specification The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental

Cloud Insights Data Collector Support Matrix - …...Title Cloud Insights Data Collector Support Matrix Author admin Created Date 10/8/2019 11:10:37 AM

Cloud Insights Data Collector Support Matrix - …...Title Cloud Insights Data Collector Support Matrix Author admin Created Date 10/8/2019 11:10:37 AM

Everest Group PEAK Matrix™ for Enterprise Cloud ... · Everest Group released its report titled “ Enterprise Cloud Application Services – PEAK Matrix™ Assessment and Profiles

Everest Group PEAK Matrix™ for Enterprise Cloud ... · Everest Group released its report titled “ Enterprise Cloud Application Services – PEAK Matrix™ Assessment and Profiles

4.24 Cloud Security Alliance Cloud Controls Matrix (CCM…inicio.ifai.org.mx/DocumentosdeInteres/4_24_CCM3.pdf · 4.24 Cloud Security Alliance Cloud Controls Matrix (CCM) ... 1 Los

4.24 Cloud Security Alliance Cloud Controls Matrix (CCM…inicio.ifai.org.mx/DocumentosdeInteres/4_24_CCM3.pdf · 4.24 Cloud Security Alliance Cloud Controls Matrix (CCM) ... 1 Los

Understanding HP Cloud Matrix

Understanding HP Cloud Matrix

Discover Cloud System Matrix

Discover Cloud System Matrix

Everest Group Peak Matrix Cloud Enablement Services Focus ...

Everest Group Peak Matrix Cloud Enablement Services Focus ...

CSA Cloud Controls Matrix V1.2

CSA Cloud Controls Matrix V1.2

461.2 Access Control Matrix

461.2 Access Control Matrix

MATRIX DRIVE TECHNOLOGY - Control Global

MATRIX DRIVE TECHNOLOGY - Control Global

Risk / Control Matrix - Temple Fox MIScommunity.mis.temple.edu/.../2015/04/Ex-Final-Risk-Control-Guide1.pdf · Risk / Control Matrix ... The control activity description is not sufficient

Risk / Control Matrix - Temple Fox MIScommunity.mis.temple.edu/.../2015/04/Ex-Final-Risk-Control-Guide1.pdf · Risk / Control Matrix ... The control activity description is not sufficient

Datalogging . Control . Electrical measurement matrix

Datalogging . Control . Electrical measurement matrix

Access Control Matrix and Confused Deputy

Access Control Matrix and Confused Deputy

Matrix Safety & Loss Control Overview)

Matrix Safety & Loss Control Overview)

MadLINQ: Large-Scale Distributed Matrix Computation for the Cloud

MadLINQ: Large-Scale Distributed Matrix Computation for the Cloud

Access Control Matrix

Access Control Matrix

Matrix Risk Control · Matrix Risk Control. Investigate Discover Learn Change Matrix Risk Control provides investigation, root cause analysis, training and risk management services

Matrix Risk Control · Matrix Risk Control. Investigate Discover Learn Change Matrix Risk Control provides investigation, root cause analysis, training and risk management services

CLOUDFORMS - Matrix - DC future - Ro… · Control your Data-center Future Roei Goldenberg RHCE Linux Consultant and Cloud expert Matrix Dec 2015 CLOUDFORMS. Our world is changing!

CLOUDFORMS - Matrix - DC future - Ro… · Control your Data-center Future Roei Goldenberg RHCE Linux Consultant and Cloud expert Matrix Dec 2015 CLOUDFORMS. Our world is changing!