
2011.08.29

Cloud Controls Matrix (CCM) V1.2 by CSA

Hello, this is Mitsuhiko Maruyama. The Cloud Security Alliance released Cloud Controls Matrix Ver1.2.

■CSA
・2011.08.26 Cloud Security Alliance Releases Cloud Controls Matrix v1.2

・・ Cloud Controls Matrix (CCM)

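| No. | Control Area | N | Control | Control ID |
|---|---|---|---|---|
| 1 | Compliance | 1 | Audit Planning | CO-01 |
| 1 | Compliance | 2 | Independent Audits | CO-02 |
| 1 | Compliance | 3 | Third Party Audits | CO-03 |
| 1 | Compliance | 4 | Contact / Authority Maintenance | CO-04 |
| 1 | Compliance | 5 | Information System Regulatory Mapping | CO-05 |
| 1 | Compliance | 6 | Intellectual Property | CO-06 |
| 2 | Data Governance | 7 | Ownership / Stewardship | DG-01 |
| 2 | Data Governance | 8 | Classification | DG-02 |
| 2 | Data Governance | 9 | Handling / Labeling / Security Policy | DG-03 |
| 2 | Data Governance | 10 | Retention Policy | DG-04 |
| 2 | Data Governance | 11 | Secure Disposal | DG-05 |
| 2 | Data Governance | 12 | Non-Production Data | DG-06 |
| 2 | Data Governance | 13 | Information Leakage | DG-07 |
| 2 | Data Governance | 14 | Risk Assessments | DG-08 |
| 3 | Facility Security | 15 | Policy | FS-01 |
| 3 | Facility Security | 16 | User Access | FS-02 |
| 3 | Facility Security | 17 | Controlled Access Points | FS-03 |
| 3 | Facility Security | 18 | Secure Area Authorization | FS-04 |
| 3 | Facility Security | 19 | Unauthorized Persons Entry | FS-05 |
| 3 | Facility Security | 20 | Off-Site Authorization | FS-06 |
| 3 | Facility Security | 21 | Off-Site Equipment | FS-07 |
| 3 | Facility Security | 22 | Asset Management | FS-08 |
| 4 | Human Resources Security | 23 | Background Screening | HR-01 |
| 4 | Human Resources Security | 24 | Employment Agreements | HR-02 |
| 4 | Human Resources Security | 25 | Employment Termination | HR-03 |
| 5 | Information Security | 26 | Management Program | IS-01 |
| 5 | Information Security | 27 | Management Support / Involvement | IS-02 |
| 5 | Information Security | 28 | Policy | IS-03 |
| 5 | Information Security | 29 | Baseline Requirements | IS-04 |
| 5 | Information Security | 30 | Policy Reviews | IS-05 |
| 5 | Information Security | 31 | Policy Enforcement | IS-06 |
| 5 | Information Security | 32 | User Access Policy | IS-07 |
| 5 | Information Security | 33 | User Access Restriction / Authorization | IS-08 |
| 5 | Information Security | 34 | User Access Revocation | IS-09 |
| 5 | Information Security | 35 | User Access Reviews | IS-10 |
| 5 | Information Security | 36 | Training / Awareness | IS-11 |
| 5 | Information Security | 37 | Industry Knowledge / Benchmarking | IS-12 |
| 5 | Information Security | 38 | Roles / Responsibilities | IS-13 |
| 5 | Information Security | 39 | Management Oversight | IS-14 |
| 5 | Information Security | 40 | Segregation of Duties | IS-15 |
| 5 | Information Security | 41 | User Responsibility | IS-16 |
| 5 | Information Security | 42 | Workspace | IS-17 |
| 5 | Information Security | 43 | Encryption | IS-18 |
| 5 | Information Security | 44 | Encryption Key Management | IS-19 |
| 5 | Information Security | 45 | Vulnerability / Patch Management | IS-20 |
| 5 | Information Security | 46 | Anti-Virus / Malicious Software | IS-21 |
| 5 | Information Security | 47 | Incident Management | IS-22 |
| 5 | Information Security | 48 | Incident Reporting | IS-23 |
| 5 | Information Security | 49 | Incident Response Legal Preparation | IS-24 |
| 5 | Information Security | 50 | Incident Response Metrics | IS-25 |
| 5 | Information Security | 51 | Acceptable Use | IS-26 |
| 5 | Information Security | 52 | Asset Returns | IS-27 |
| 5 | Information Security | 53 | eCommerce Transactions | IS-28 |
| 5 | Information Security | 54 | Audit Tools Access | IS-29 |
| 5 | Information Security | 55 | Diagnostic / Configuration Ports Access | IS-30 |
| 5 | Information Security | 56 | Network / Infrastructure Services | IS-31 |
| 5 | Information Security | 57 | Portable / Mobile Devices | IS-32 |
| 5 | Information Security | 58 | Source Code Access Restriction | IS-33 |
| 5 | Information Security | 59 | Utility Programs Access | IS-34 |
| 6 | Legal | 60 | Non-Disclosure Agreements | LG-01 |
| 6 | Legal | 61 | Third Party Agreements | LG-02 |
| 7 | Operations Management | 62 | Policy | OP-01 |
| 7 | Operations Management | 63 | Documentation | OP-02 |
| 7 | Operations Management | 64 | Capacity / Resource Planning | OP-03 |
| 7 | Operations Management | 65 | Equipment Maintenance | OP-04 |
| 8 | Risk Management | 66 | Program | RI-01 |
| 8 | Risk Management | 67 | Assessments | RI-02 |
| 8 | Risk Management | 68 | Mitigation / Acceptance | RI-03 |
| 8 | Risk Management | 69 | Business / Policy Change Impacts | RI-04 |
| 8 | Risk Management | 70 | Third Party Access | RI-05 |
| 9 | Release Management | 71 | New Development / Acquisition | RM-01 |
| 9 | Release Management | 72 | Production Changes | RM-02 |
| 9 | Release Management | 73 | Quality Testing | RM-03 |
| 9 | Release Management | 74 | Outsourced Development | RM-04 |
| 9 | Release Management | 75 | Unauthorized Software Installations | RM-05 |
| 10 | Resiliency | 76 | Management Program | RS-01 |
| 10 | Resiliency | 77 | Impact Analysis | RS-02 |
| 10 | Resiliency | 78 | Business Continuity Planning | RS-03 |
| 10 | Resiliency | 79 | Business Continuity Testing | RS-04 |
| 10 | Resiliency | 80 | Environmental Risks | RS-05 |
| 10 | Resiliency | 81 | Equipment Location | RS-06 |
| 10 | Resiliency | 82 | Equipment Power Failures | RS-07 |
| 10 | Resiliency | 83 | Power / Telecommunications | RS-08 |
| 11 | Security Architecture | 84 | Customer Access Requirements | SA-01 |
| 11 | Security Architecture | 85 | User ID Credentials | SA-02 |
| 11 | Security Architecture | 86 | Data Security / Integrity | SA-03 |
| 11 | Security Architecture | 87 | Application Security | SA-04 |
| 11 | Security Architecture | 88 | Data Integrity | SA-05 |
| 11 | Security Architecture | 89 | Production / Non-Production Environments | SA-06 |
| 11 | Security Architecture | 90 | Remote User Multi-Factor Authentication | SA-07 |
| 11 | Security Architecture | 91 | Network Security | SA-08 |
| 11 | Security Architecture | 92 | Segmentation | SA-09 |
| 11 | Security Architecture | 93 | Wireless Security | SA-10 |
| 11 | Security Architecture | 94 | Shared Networks | SA-11 |
| 11 | Security Architecture | 95 | Clock Synchronization | SA-12 |
| 11 | Security Architecture | 96 | Equipment Identification | SA-13 |
| 11 | Security Architecture | 97 | Audit Logging / Intrusion Detection | SA-14 |
| 11 | Security Architecture | 98 | Mobile Code | SA-15 |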
