Documents – Cloud assurance compliance


The “Standards” section of this website contains various documents describing standards and guidance for implementing the standards. This page provides an overview of these documents.

Standards documentation

Standard Coverage Document
project Cloud control framework Version 3.0 of the cloud controls framework (English) Cloud-con[..]29052013.xlsx
project Cloud control framework Version 3.0 of the cloud controls framework (Nederlands) Cloud-con[..]29052013.xlsx
PCI-DSS v2.0 Security requirements for Payment processing systems pci_dss_v2.pdf (requires agreement)
NIST SP800-53 Recommended Security Controls for Federal Information Systems and Organizations sp800-53-rev3-final.pdf
NIST SP800-53 (draft of Appendix J) Privacy controls, preview of SP800-53 revision 4 (no longer available – included in SP800-53 revision 4 final)
FedRAMP Security Assessment & Authorization for U.S. Government Cloud Computing (based on NIST SP800-53) Fedramp Security
HIPAA Health Insurance Portability and Accountability Act, technological requirements for health care systems. §164 is relevant to cloud. adminsimpregtext.pdf
CSA CCM 1.1 CSA’s Cloud Control Matrix v1.1. Mapping of general cloud controls to popular security standards. CSA Cloud Con…xlsx
ISAE3402 International standard on assurance engagement – Assurance reports on controls at a service organisation b014-201…-isae-3402.pdf
SSAE-16 (AT 801) Audit standard – Reporting on controls for a service organisation AT-00801.pdf
SAS70 Financial audit standard – replaced by ISAE3402 060441.PDF
2009/136/ec The “Cookie directive”, regarding privacy guidelines 2009/136/ec.pdf
AICPA GAPP Generally Accepted Privacy Principles GAPP_P…pdf
ISO 27001:2005 Information security management systems (ISMS) Buy at ISO store (CHF 130 / ~ $160)
ISO 27002:2005 Code of practice for information security management Buy at ISO store (CHF 208 / ~ $255)

Guidance articles

Title Coverage Document
NIST SP-500-292 Cloud computing reference architecture NIST_SP_500..611.pdf
NIST SP-800-146 (draft) Cloud computing synopsis and Recommendations Draft-NIST-SP800-146.pdf
“Orchestrating the new paradigm” KPMG advisory and predictions on developments in the cloud industry Orchestr.._2.pdf
CSA Guide Security Guidance for Critical Areas of Focus in Cloud Computing (updated 11/14/2011 to V3) csaguide.v3.0.pdf
COBIT & Cloud COBIT 4.1 vs Cloud assurance – official ISACA publication on interpreting COBIT in a cloud context. WITCOC_….pdf ($50)