Cloudcontrols.org – Cloud assurance compliance | Building trust in the cloud

Cloudcontrols.org releases first draft of Risk list

Written on: August 11, 2011

The Cloudcontrols project has released the first draft of its list of risks, which will provide the base for future releases. The release consists of 118 risks divided into 5 groups: Technical, Security and Legal risks, plus specific Outsourcing and specific Co-tenancy risks. The list is available at http://www.cloudcontrols.org/cloudcontrols/risks/. We welcome interested parties to leave their comments. The next steps are creating further versions of the risks and adding controls to manage the identified risks. After that, measures to implement the controls will be specified.

ISACA releases Cloud-guidance for COBIT

Written on: August 11, 2011

ISACA, the organisation behind COBIT, has released a document called “IT Control Objectives for Cloud Computing” (E-paper, $50). This document adds comments to the existing COBIT control objectives but relies heavily on the earlier texts written by NIST. It is also notable that the document uses the current COBIT 4.1 framework rather than the COBIT 5.0 draft framework. A useful addition to the existing pool of documents is chapter 5, which provides an overview of assurance frameworks and their applicability.

The document is available at ISACA.org.

NIST releases new Privacy controls (draft of SP800-53 Appendix J)

Written on: July 25, 2011

NIST has released a draft of Appendix J of the upcoming revision 4 of its security standard, which covers privacy by providing measurable controls.

Appendix J consists of 23 controls divided into 8 categories, addressing the risks related to the lifecycle of privacy and “Personally Identifiable Information” (PII).

Read our summary of SP800-53 appendix J (Draft)

PCI Security Standards Council releases Virtualization Guidelines

Written on: June 17, 2011

The PCI Security Standards Council has released a document outlining additional guidelines to the existing PCI DSS requirements. The 12 PCI DSS Requirements have been enhanced with Virtualization Considerations that assist in managing the additional risks that virtualization technologies bring.


Recommended read – new release by NIST: Draft of Special Publication 800-146 (Cloud Guidance)

Written on: May 16, 2011

NIST, the National Institute of Standards and Technology, has released new cloud guidance that briefly touches on many different subjects. This document is a must-read for both managers and system/network operators.

Read more on NIST SP 800-146 (Draft)

Recommended read – KPMG advisory “Orchestrating the new paradigm”

Written on: March 24, 2011

KPMG NL has published a positioning paper informing its customers and partners of the current state of the cloud. The document is a useful read for CIOs, CEOs and other decision-makers.

“Orchestrating the new paradigm”

 

CSA Guidance – Cloud Security Alliance launches Cloud Controls Matrix (CCM) 1.1

Written on: December 17, 2010

The Cloud Security Alliance (CSA) today announced the launch of revision 1.1 of the CCM Security Controls Matrix. Read more on the topic page for CCM Security Control Matrix.

New standard proposal by FedRAMP – Proposed Security Assessment & Authorization for U.S. Government Cloud Computing (v0.96)

Written on: November 2, 2010

The US CIO Council has released a new proposal regarding the FedRAMP program. This proposal is currently being adopted throughout US agencies.

The document has close ties to the NIST SP800-53 release, enhancing it with cloud-specific controls.

Go to “Standards/FedRamp”