Print This Page
Technical Awareness & Training
To increase the ability to select and implement effective technical security mechanisms, products, process and tools
Cloud Controls Matrix (CCM) Data
IS-04 | Information Security | Baseline Requirements
Control Specification +-
Baseline security requirements shall be established and applied to the design and implementation of (developed or purchased) applications, databases, systems, and network infrastructure and information processing that comply with policies, standards and applicable regulatory requirements. Compliance with security baseline requirements must be reassessed at least annually or upon significant changes.
Architectural Relevance +-
| Physical | Network | Compute | App | Data |
|---|
| True
| True
| True
| True
| True
|
Corp Gov Relevance +-
Cloud Service Delivery Model Applicability +-
| SaaS | PaaS | IaaS |
|---|
| True
| True
| True
|
Supplier Relationship +-
| Service Provider | Tenant / Consumer |
|---|
| True
| False
|
Scope Applicability +-
| COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
|---|
AI2.1
AI2.2
AI3.3
DS2.3
DS11.6
|
| A.12.1.1
A.15.2.2
|
| NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
|---|
CM-2
SA-2
SA-4
| NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 SA-2
NIST SP 800-53 R3 SA-4
| NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
NIST SP 800-53 R3 CM-2 (3)
NIST SP 800-53 R3 CM-2 (5)
NIST SP 800-53 R3 SA-2
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-4 (1)
NIST SP 800-53 R3 SA-4 (4)
NIST SP 800-53 R3 SA-4 (7)
| 1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
2.2
2.2.1
2.2.2
2.2.3
2.2.4
|
| BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
|---|
L.2, L.5, L.7 L.8, L.9, L.10
| L.2
| 1.2.6
8.2.1
8.2.7
|
| Jericho Forum | NERC CIP |
|---|
Commandment #2
Commandment #4
Commandment #5
Commandment #11
|
|
Consensus Assessments Initiative Questionnaire (CAIQ) Data
Do you have agreements which ensure your providers adhere to your information security and privacy policies?
Compliance Mapping +-
| COBIT | HIPAA | ISO27001 | SP800_53 |
|---|
|
|
|
|
|
Model Applicability +-
| SaaS | PaaS | IaaS |
|---|
| False
| False
| False
|
Scope Applicability +-