Job Aid Guidelines
A job aid stores information or instruction external to a user and guides the user to perform a task correctly. It is used during the actual performance of a task when the user needs to know the information or procedure. It can be consulted quickly when needed and provides specific, concise information to the user. It reduces the need for individuals to remember so much information and is an efficient method to reduce problems associated with relying strictly on recall to perform in certain situations.
Cloud Controls Matrix (CCM) Data
OP-02 | Operations Management | Documentation
Control Specification
Information system documentation (e.g., administrator and user guides, architecture diagrams, etc.) shall be made available to authorized personnel to ensure the following:
- Configuring, installing, and operating the information system
- Effectively using the system's security features
Architectural Relevance

| Physical | Network | Compute | App | Data |
|---|---|---|---|---|
| False | True | True | True | True |

Corp Gov Relevance
Cloud Service Delivery Model Applicability

| SaaS | PaaS | IaaS |
|---|---|---|
| True | True | True |

Supplier Relationship

| Service Provider | Tenant / Consumer |
|---|---|
| True | False |

Scope Applicability

| COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
|---|---|---|
| DS 9, DS 13.1 | | Clause 4.3.3, A.10.7.4 |


| NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
|---|---|---|---|
| CP-9, CP-10, SA-5, SA-10, SA-11 | NIST SP 800-53 R3 CP-9, NIST SP 800-53 R3 CP-10, NIST SP 800-53 R3 SA-5 | NIST SP 800-53 R3 CP-9, NIST SP 800-53 R3 CP-9 (1), NIST SP 800-53 R3 CP-9 (3), NIST SP 800-53 R3 CP-10, NIST SP 800-53 R3 CP-10 (2), NIST SP 800-53 R3 CP-10 (3), NIST SP 800-53 R3 SA-5, NIST SP 800-53 R3 SA-5 (1), NIST SP 800-53 R3 SA-5 (3), NIST SP 800-53 R3 SA-10, NIST SP 800-53 R3 SA-11, NIST SP 800-53 R3 SA-11 (1) | 12.1, 12.2, 12.3, 12.4 |


| BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
|---|---|---|
| G.1.1 | | 1.2.6 |


| Jericho Forum | NERC CIP |
|---|---|
| Commandment #1, Commandment #2, Commandment #4, Commandment #5, Commandment #11 | CIP-005-3a - R1.3, CIP-007-3 - R9 |

Consensus Assessments Initiative Questionnaire (CAIQ) Data
Is information system documentation (e.g., administrator and user guides, architecture diagrams, etc.) made available to authorized personnel to ensure configuring, installing, and operating the information system?
Compliance Mapping

| COBIT | HIPAA | ISO27001 | SP800_53 |
|---|---|---|---|
| COBIT 4.1 DS 9, DS 13.1 | | Clause 4.3.3, A.10.7.4 | NIST SP800-53 R3 CP-9, NIST SP800-53 R3 CP-10, NIST SP800-53 R3 SA-5, NIST SP800-53 R3 SA-10, NIST SP800-53 R3 SA-11 |


| FedRAMP | PCI_DSS | BITS | GAPP |
|---|---|---|---|
| | PCI DSS v2.0 12.1, PCI DSS v2.0 12.2, PCI DSS v2.0 12.3, PCI DSS v2.0 12.4 | SIG v6.0: G.1.1 | GAPP Ref 1.2.6 |

Model Applicability

| SaaS | PaaS | IaaS |
|---|---|---|
| True | True | True |

Scope Applicability