Separation of duties (SoD) is the concept of having more than one person required to complete a task in order to prevent from fraud and error.
Cloud Controls Matrix (CCM) Data
Physical | Network | Compute | App | Data |
---|---|---|---|---|
True | True | True | True | True |
Corp Gov Relevance |
---|
True |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
Service Provider | Tenant / Consumer |
---|---|
True | False |
COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
---|---|---|
DS 5.4 | 45 CFR 164.308 (a)(1)(ii)(D) | A.10.1.3 |
NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
---|---|---|---|
AC-1 | NIST SP 800-53 R3 AC-1 | NIST SP 800-53 R3 AC-1 | 6.4.2 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
---|---|---|
G.2.13. G.3, G.20.1, G.20.2, G.20.5 | 8.2.2 |
Jericho Forum | NERC CIP |
---|---|
Commandment #6 | CIP-007-3 R5.1.1 |
Consensus Assessments Initiative Questionnaire (CAIQ) Data
COBIT | HIPAA | ISO27001 | SP800_53 |
---|---|---|---|
COBIT 4.1 DS 5.4 | 45 CFR 164.308 (a)(1)(ii)(D) | A.10.1.3 | NIST SP800-53 R3 AC-1 |
FedRAMP | PCI_DSS | BITS | GAPP |
---|---|---|---|
PCI DSS v2.0 6.4.2 | SIG v6.0:G.2.13. G.3, G.20.1, G.20.2, G.20.5 | GAPP Ref 8.2.2 |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
SP | CUST |
---|---|
True | True |