Cloud Controls Matrix (CCM) V1.2 by CSA

　こんにちは、丸山満彦です。Cloud Security Alliacne released Cloud Control Matrix Ver1.2.

■CSA
・2011.08.26 Cloud Security Alliance Releases Cloud Controls Matrix v1.2

・・ Cloud Controls Matrix (CCM)

No.	Control Area	N	Control	Control ID
1	Compliance	1	Audit Planning	CO-01
		2	Independent Audits	CO-02
		3	Third Party Audits	CO-03
		4	Contact / Authority Maintenance	CO-04
		5	Information System Regulatory Mapping	CO-05
		6	Intellectual Property	CO-06
2	Data Governance	7	Ownership / Stewardship	DG-01
		8	Classification	DG-02
		9	Handling / Labeling / Security Policy	DG-03
		10	Retention Policy	DG-04
		11	Secure Disposal	DG-05
		12	Non-Production Data	DG-06
		13	Information Leakage	DG-07
		14	Risk Assessments	DG-08
3	Facility Security	15	Policy	FS-01
		16	User Access	FS-02
		17	Controlled Access Points	FS-03
		18	Secure Area Authorization	FS-04
		19	Unauthorized Persons Entry	FS-05
		20	Off-Site Authorization	FS-06
		21	Off-Site Equipment	FS-07
		22	Asset Management	FS-08
4	Human Resources Security	23	Background Screening	HR-01
		24	Employment Agreements	HR-02
		25	Employment Termination	HR-03
5	Information Security	26	Management Program	IS-01
		27	Management Support / Involvement	IS-02
		28	Policy	IS-03
		29	Baseline Requirements	IS-04
		30	Policy Reviews	IS-05
		31	Policy Enforcement	IS-06
		32	User Access Policy	IS-07
		33	User Access Restriction / Authorization	IS-08
		34	User Access Revocation	IS-09
		35	User Access Reviews	IS-10
		36	Training / Awareness	IS-11
		37	Industry Knowledge / Benchmarking	IS-12
		38	Roles / Responsibilities	IS-13
		39	Management Oversight	IS-14
		40	Segregation of Duties	IS-15
		41	User Responsibility	IS-16
		42	Workspace	IS-17
		43	Encryption	IS-18
		44	Encryption Key Management	IS-19
		45	Vulnerability / Patch Management	IS-20
		46	Anti-Virus / Malicious Software	IS-21
		47	Incident Management	IS-22
		48	Incident Reporting	IS-23
		49	Incident Response Legal Preparation	IS-24
		50	Incident Response Metrics	IS-25
		51	Acceptable Use	IS-26
		52	Asset Returns	IS-27
		53	eCommerce Transactions	IS-28
		54	Audit Tools Access	IS-29
		55	Diagnostic / Configuration Ports Access	IS-30
		56	Network / Infrastructure Services	IS-31
		57	Portable / Mobile Devices	IS-32
		58	Source Code Access Restriction	IS-33
		59	Utility Programs Access	IS-34
6	Legal	60	Non-Disclosure Agreements	LG-01
		61	Third Party Agreements	LG-02
7	Operations Management	62	Policy	OP-01
		63	Documentation	OP-02
		64	Capacity / Resource Planning	OP-03
		65	Equipment Maintenance	OP-04
8	Risk Management	66	Program	RI-01
		67	Assessments	RI-02
		68	Mitigation / Acceptance	RI-03
		69	Business / Policy Change Impacts	RI-04
		70	Third Party Access	RI-05
9	Release Management	71	New Development / Acquisition	RM-01
		72	Production Changes	RM-02
		73	Quality Testing	RM-03
		74	Outsourced Development	RM-04
		75	Unauthorized Software Installations	RM-05
10	Resiliency	76	Management Program	RS-01
		77	Impact Analysis	RS-02
		78	Business Continuity Planning	RS-03
		79	Business Continuity Testing	RS-04
		80	Environmental Risks	RS-05
		81	Equipment Location	RS-06
		82	Equipment Power Failures	RS-07
		83	Power / Telecommunications	RS-08
11	Security Architecture	84	Customer Access Requirements	SA-01
		85	User ID Credentials	SA-02
		86	Data Security / Integrity	SA-03
		87	Application Security	SA-04
		88	Data Integrity	SA-05
		89	Production / Non-Production Environments	SA-06
		90	Remote User Multi-Factor Authentication	SA-07
		91	Network Security	SA-08
		92	Segmentation	SA-09
		93	Wireless Security	SA-10
		94	Shared Networks	SA-11
		95	Clock Synchronization	SA-12
		96	Equipment Identification	SA-13
		97	Audit Logging / Intrusion Detection	SA-14
		98	Mobile Code	SA-15