Architecture Governance

A set of tools that can be used to develop a broad range of different architecture perspectives, usually integrated as a common Architecture Framework.
Elements that the governance process must cover are:

  • Describe a method for defining an information system in terms of a set of building blocks
  • Show how the building blocks fit together
  • Technical roadmap for the standards list
  • Contain a set of tools, and enforce a technology standards list
  • Provide a common vocabulary
  • Governance processes to ensure that existing solutions and new IT services are aligned with the framework.

Cloud Controls Matrix (CCM) Data

RM-01 | Release Management | New Development / Acquisition

Control Specification

Policies and procedures shall be established for management authorization for development or acquisition of new applications, systems, databases, infrastructure, services, operations, and facilities.

Architectural Relevance

Physical | Network | Compute | App | Data
True | True | True | True | True

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1 | A12, A16.1
HIPAA / HITECH Act | -
ISO/IEC 27001-2005 | A.6.1.4, A.6.2.1, A.12.1.1, A.12.4.1, A.12.4.2, A.12.4.3, A.12.5.5, A.15.1.3, A.15.1.4

NIST SP800-53 R3 | CA-1, CM-1, CM-9, PL-1, PL-2, SA-1, SA-3, SA-4
FedRAMP (Final 2012) Low Impact | NIST SP 800-53 R3 CA-1, NIST SP 800-53 R3 CM-1, NIST SP 800-53 R3 PL-1, NIST SP 800-53 R3 PL-2, NIST SP 800-53 R3 SA-1, NIST SP 800-53 R3 SA-3, NIST SP 800-53 R3 SA-4
FedRAMP (Final 2012) Moderate Impact | NIST SP 800-53 R3 CA-1, NIST SP 800-53 R3 CM-1, NIST SP 800-53 R3 CM-9, NIST SP 800-53 R3 PL-1, NIST SP 800-53 R3 PL-2, NIST SP 800-53 R3 SA-1, NIST SP 800-53 R3 SA-3, NIST SP 800-53 R3 SA-4, NIST SP 800-53 R3 SA-4 (1), NIST SP 800-53 R3 SA-4 (4), NIST SP 800-53 R3 SA-4 (7)
PCI DSS v2.0 | 6.3.2

BITS Shared Assessments SIG v6.0 | I.1.1, I.1.2, I.2. 7.2, I.2.8, I.2.9, I.2.10, I.2.13, I.2.14, I.2.15, I.2.18, I.2.22.6, L.5
BITS Shared Assessments SIG v5.0 | I.2
GAPP (Aug 2009) | 1.2.6

Jericho Forum | Commandment #1, Commandment #2, Commandment #3
NERC CIP | -

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Release Management (RM) | ID #RM-01.1

Are policies and procedures established for management authorization for development or acquisition of new applications, systems, databases, infrastructure, services, operations, and facilities?

Compliance Mapping

COBIT | COBIT 4.1 A12, A 16.1
HIPAA | -
ISO27001 | A.6.1.4, A.6.2.1, A.12.1.1, A.12.4.1, A.12.4.2, A.12.4.3, A.12.5.5, A.15.1.3, A.15.1.4
SP800_53 | NIST SP800-53 R3 CA-1, NIST SP800-53 R3 CM-1, NIST SP800-53 R3 CM-9, NIST SP800-53 R3 PL-1, NIST SP800-53 R3 PL-2, NIST SP800-53 R3 SA-1, NIST SP800-53 R3 SA-3, NIST SP800-53 R3 SA-4

FedRAMP | -
PCI_DSS | PCI DSS v2.0 6.3.2
BITS | AUP v5.0 I.2 SIG v6.0: I.1.1, I.1.2, I.2. 7.2, I.2.8, I.2.9, I.2.10, I.2.13, I.2.14, I.2.15, I.2.18, I.2.22.6, L.5
GAPP | GAPP Ref 1.2.6

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True