This capability manages the communications, responsibitlites and associated processes for personnel that interacts with data throughout its lifecycle. Roles associated to the data intreaction include Data Owners, Asset Custodians, Data Users, Supporting Services, and Delegates among others.
Cloud Controls Matrix (CCM) Data
| Physical | Network | Compute | App | Data |
|---|---|---|---|---|
| False | False | True | True | True |
| Corp Gov Relevance |
|---|
| True |
| SaaS | PaaS | IaaS |
|---|---|---|
| True | True | True |
| Service Provider | Tenant / Consumer |
|---|---|
| True | False |
| COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
|---|---|---|
DS5.1 | 45 CFR 164.308 (a)(2) | A.6.1.3 |
| NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
|---|---|---|---|
CA-2 | NIST SP 800-53 R3 CA-2 | NIST SP 800-53 R3 CA-2 |
| BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
|---|---|---|
C.2.5.1, C.2.5.2, D.1.3, L.7 | 6.2.1 |
| Jericho Forum | NERC CIP |
|---|---|
Commandment #6 | CIP-007-3 - R1.1 - R1.2 |
Consensus Assessments Initiative Questionnaire (CAIQ) Data
| COBIT | HIPAA | ISO27001 | SP800_53 |
|---|---|---|---|
COBIT 4.1 DS5.1, PO 2.3 | 45 CFR 164.308 (a)(2) | A.6.1.3 | NIST SP800-53 R3 CA-2 |
| FedRAMP | PCI_DSS | BITS | GAPP |
|---|---|---|---|
NIST SP800-53 R3 CA-2 | SIG v6.0: C.2.5.1, C.2.5.2, D.1.3, L.7 | GAPP Ref 6.2.1 |
| SaaS | PaaS | IaaS |
|---|---|---|
| True | True | True |
| SP | CUST |
|---|---|
| True | True |