A baseline specifies a policy compliant starting point which may be further specialized (e.g., a move to production process may include a baseline configuration that requires all defult users/passwords, SNMP community names, etc, be changed from their default values before the equipment may be used in production. If the equipment were subject to additional hardening, such as deployment in the DMZ, then further specialized baselines would apply).
Cloud Controls Matrix (CCM) Data
Physical | Network | Compute | App | Data |
---|---|---|---|---|
False | False | False | True | True |
Corp Gov Relevance |
---|
True |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
Service Provider | Tenant / Consumer |
---|---|
True | False |
COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
---|---|---|
DS13.1 | Clause 5.1 |
NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
---|---|---|---|
CM-2 | NIST SP 800-53 R3 CM-2 | NIST SP 800-53 R3 CM-2 | 12.1 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
---|---|---|
G.1.1 | 8.2.1 |
Jericho Forum | NERC CIP |
---|---|
Commandment #1 |
Consensus Assessments Initiative Questionnaire (CAIQ) Data
COBIT | HIPAA | ISO27001 | SP800_53 |
---|---|---|---|
COBIT 4.1 DS13.1 | Clause 5.1 |
FedRAMP | PCI_DSS | BITS | GAPP |
---|---|---|---|
PCI DSS v2.0 12.1 | SIG v6.0: G.1.1 | GAPP Ref 8.2.1 |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
SP | CUST |
---|---|
True | True |