Technical Security Standards

Technical security standards specify how particular technical security controls must be implemented (for example, a security policy might mandate at-rest encryption for a particular class of data, and a technical security standard might specify that the encryption implementation must be FIPS 140-2 certified AES-256).

Cloud Controls Matrix (CCM) Data

DG-06 | Data Governance | Non-Production Data

Control Specification

Production data shall not be replicated or used in non-production environments.

Architectural Relevance

Physical | Network | Compute | App | Data
False | False | False | True | True

Corp Gov Relevance

Corp Gov Relevance
False

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005

45 CFR 164.308(a)(4)(ii)(B)

A.7.1.3
A.10.1.4
A.12.4.2
A.12.5.1

NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0

SA-11
CM-04

NIST SP 800-53 R3 SA-11
NIST SP 800-53 R3 SA-11 (1)

6.4.3

BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009)

I.2.18

1.2.6

Jericho Forum | NERC CIP

Commandment #9
Commandment #10
Commandment #11

CIP-003-3 - R6

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Data Governance (DG) | ID #DG-06.1

Do you have procedures in place to ensure production data shall not be replicated or used in non-production environments?

Compliance Mapping

COBIT | HIPAA | ISO27001 | SP800_53

45 CFR 164.308(a)(4)(ii)(B)

A.7.1.3
A.10.1.4
A.12.4.2
A.12.5.1

NIST SP800-53 R3 SA-11
NIST SP800-53 R3 CM-04

FedRAMP | PCI_DSS | BITS | GAPP

NIST SP800-53 R3 SA-11
NIST SP800-53 R3 SA-11 (1)
NIST SP800-53 R3 CM-04

PCI DSS v2.0 6.4.3

SIG v6.0: I.2.18

GAPP Ref 1.2.6

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True