Ensure that service providers and outsourcers adhere to intended and contractual information security policies applying concepts of ownership and custody
Cloud Controls Matrix (CCM) Data
Physical | Network | Compute | App | Data |
---|---|---|---|---|
True | True | True | True | True |
Corp Gov Relevance |
---|
True |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
Service Provider | Tenant / Consumer |
---|---|
True | True |
COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
---|---|---|
DS 2.3 | A.6.2.1 |
NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
---|---|---|---|
CA-3 | NIST SP 800-53 R3 AC-1 | NIST SP 800-53 R3 AC-1 | 12.8.1 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
---|---|---|
B.1.1, B.1.2, D.1.1, E.1, F.1.1, H.1.1, K.1.1, E.6.2, E.6.3 | B.1 | 7.1.1 |
Jericho Forum | NERC CIP |
---|---|
Consensus Assessments Initiative Questionnaire (CAIQ) Data
COBIT | HIPAA | ISO27001 | SP800_53 |
---|---|---|---|
COBIT 4.1 DS 2.3 | A.6.2.1 | NIST SP800-53 R3 CA-3 |
FedRAMP | PCI_DSS | BITS | GAPP |
---|---|---|---|
NIST SP800-53 R3 CA-3 | PCI DSS v2.0 12.8.1 | AUP v5.0 B.1 AUP v5.0 H.2 SIG v6.0: B.1.1, B.1.2, D.1.1, E.1, F.1.1, H.1.1, K.1.1, E.6.2, E.6.3 | GAPP Ref 7.1.1 |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
SP | CUST |
---|---|
True | True |