
2011.08.29

Cloud Controls Matrix (CCM) V1.2 by CSA

Hello, this is Mitsuhiko Maruyama. Cloud Security Alliance released Cloud Controls Matrix Ver1.2.

■CSA
・2011.08.26 Cloud Security Alliance Releases Cloud Controls Matrix v1.2

・・ Cloud Controls Matrix (CCM)

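| No. | Control Area | N | Control | Control ID |
|---|---|---|---|---|
| 1 | Compliance | 1 | Audit Planning | CO-01 |
| 1 | Compliance | 2 | Independent Audits | CO-02 |
| 1 | Compliance | 3 | Third Party Audits | CO-03 |
| 1 | Compliance | 4 | Contact / Authority Maintenance | CO-04 |
| 1 | Compliance | 5 | Information System Regulatory Mapping | CO-05 |
| 1 | Compliance | 6 | Intellectual Property | CO-06 |
| 2 | Data Governance | 7 | Ownership / Stewardship | DG-01 |
| 2 | Data Governance | 8 | Classification | DG-02 |
| 2 | Data Governance | 9 | Handling / Labeling / Security Policy | DG-03 |
| 2 | Data Governance | 10 | Retention Policy | DG-04 |
| 2 | Data Governance | 11 | Secure Disposal | DG-05 |
| 2 | Data Governance | 12 | Non-Production Data | DG-06 |
| 2 | Data Governance | 13 | Information Leakage | DG-07 |
| 2 | Data Governance | 14 | Risk Assessments | DG-08 |
| 3 | Facility Security | 15 | Policy | FS-01 |
| 3 | Facility Security | 16 | User Access | FS-02 |
| 3 | Facility Security | 17 | Controlled Access Points | FS-03 |
| 3 | Facility Security | 18 | Secure Area Authorization | FS-04 |
| 3 | Facility Security | 19 | Unauthorized Persons Entry | FS-05 |
| 3 | Facility Security | 20 | Off-Site Authorization | FS-06 |
| 3 | Facility Security | 21 | Off-Site Equipment | FS-07 |
| 3 | Facility Security | 22 | Asset Management | FS-08 |
| 4 | Human Resources Security | 23 | Background Screening | HR-01 |
| 4 | Human Resources Security | 24 | Employment Agreements | HR-02 |
| 4 | Human Resources Security | 25 | Employment Termination | HR-03 |
| 5 | Information Security | 26 | Management Program | IS-01 |
| 5 | Information Security | 27 | Management Support / Involvement | IS-02 |
| 5 | Information Security | 28 | Policy | IS-03 |
| 5 | Information Security | 29 | Baseline Requirements | IS-04 |
| 5 | Information Security | 30 | Policy Reviews | IS-05 |
| 5 | Information Security | 31 | Policy Enforcement | IS-06 |
| 5 | Information Security | 32 | User Access Policy | IS-07 |
| 5 | Information Security | 33 | User Access Restriction / Authorization | IS-08 |
| 5 | Information Security | 34 | User Access Revocation | IS-09 |
| 5 | Information Security | 35 | User Access Reviews | IS-10 |
| 5 | Information Security | 36 | Training / Awareness | IS-11 |
| 5 | Information Security | 37 | Industry Knowledge / Benchmarking | IS-12 |
| 5 | Information Security | 38 | Roles / Responsibilities | IS-13 |
| 5 | Information Security | 39 | Management Oversight | IS-14 |
| 5 | Information Security | 40 | Segregation of Duties | IS-15 |
| 5 | Information Security | 41 | User Responsibility | IS-16 |
| 5 | Information Security | 42 | Workspace | IS-17 |
| 5 | Information Security | 43 | Encryption | IS-18 |
| 5 | Information Security | 44 | Encryption Key Management | IS-19 |
| 5 | Information Security | 45 | Vulnerability / Patch Management | IS-20 |
| 5 | Information Security | 46 | Anti-Virus / Malicious Software | IS-21 |
| 5 | Information Security | 47 | Incident Management | IS-22 |
| 5 | Information Security | 48 | Incident Reporting | IS-23 |
| 5 | Information Security | 49 | Incident Response Legal Preparation | IS-24 |
| 5 | Information Security | 50 | Incident Response Metrics | IS-25 |
| 5 | Information Security | 51 | Acceptable Use | IS-26 |
| 5 | Information Security | 52 | Asset Returns | IS-27 |
| 5 | Information Security | 53 | eCommerce Transactions | IS-28 |
| 5 | Information Security | 54 | Audit Tools Access | IS-29 |
| 5 | Information Security | 55 | Diagnostic / Configuration Ports Access | IS-30 |
| 5 | Information Security | 56 | Network / Infrastructure Services | IS-31 |
| 5 | Information Security | 57 | Portable / Mobile Devices | IS-32 |
| 5 | Information Security | 58 | Source Code Access Restriction | IS-33 |
| 5 | Information Security | 59 | Utility Programs Access | IS-34 |
| 6 | Legal | 60 | Non-Disclosure Agreements | LG-01 |
| 6 | Legal | 61 | Third Party Agreements | LG-02 |
| 7 | Operations Management | 62 | Policy | OP-01 |
| 7 | Operations Management | 63 | Documentation | OP-02 |
| 7 | Operations Management | 64 | Capacity / Resource Planning | OP-03 |
| 7 | Operations Management | 65 | Equipment Maintenance | OP-04 |
| 8 | Risk Management | 66 | Program | RI-01 |
| 8 | Risk Management | 67 | Assessments | RI-02 |
| 8 | Risk Management | 68 | Mitigation / Acceptance | RI-03 |
| 8 | Risk Management | 69 | Business / Policy Change Impacts | RI-04 |
| 8 | Risk Management | 70 | Third Party Access | RI-05 |
| 9 | Release Management | 71 | New Development / Acquisition | RM-01 |
| 9 | Release Management | 72 | Production Changes | RM-02 |
| 9 | Release Management | 73 | Quality Testing | RM-03 |
| 9 | Release Management | 74 | Outsourced Development | RM-04 |
| 9 | Release Management | 75 | Unauthorized Software Installations | RM-05 |
| 10 | Resiliency | 76 | Management Program | RS-01 |
| 10 | Resiliency | 77 | Impact Analysis | RS-02 |
| 10 | Resiliency | 78 | Business Continuity Planning | RS-03 |
| 10 | Resiliency | 79 | Business Continuity Testing | RS-04 |
| 10 | Resiliency | 80 | Environmental Risks | RS-05 |
| 10 | Resiliency | 81 | Equipment Location | RS-06 |
| 10 | Resiliency | 82 | Equipment Power Failures | RS-07 |
| 10 | Resiliency | 83 | Power / Telecommunications | RS-08 |
| 11 | Security Architecture | 84 | Customer Access Requirements | SA-01 |
| 11 | Security Architecture | 85 | User ID Credentials | SA-02 |
| 11 | Security Architecture | 86 | Data Security / Integrity | SA-03 |
| 11 | Security Architecture | 87 | Application Security | SA-04 |
| 11 | Security Architecture | 88 | Data Integrity | SA-05 |
| 11 | Security Architecture | 89 | Production / Non-Production Environments | SA-06 |
| 11 | Security Architecture | 90 | Remote User Multi-Factor Authentication | SA-07 |
| 11 | Security Architecture | 91 | Network Security | SA-08 |
| 11 | Security Architecture | 92 | Segmentation | SA-09 |
| 11 | Security Architecture | 93 | Wireless Security | SA-10 |
| 11 | Security Architecture | 94 | Shared Networks | SA-11 |
| 11 | Security Architecture | 95 | Clock Synchronization | SA-12 |
| 11 | Security Architecture | 96 | Equipment Identification | SA-13 |
| 11 | Security Architecture | 97 | Audit Logging / Intrusion Detection | SA-14 |
| 11 | Security Architecture | 98 | Mobile Code | SA-15 |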
