Clear Desk Policy

A corporate policy which ensures that sensitive information is not left out in the open for viewing or theft by unauthorized users.

Cloud Controls Matrix (CCM) Data

IS-17 | Information Security | Workspace

Control Specification

Policies and procedures shall be established for clearing visible documents containing sensitive data when a workspace is unattended and enforcement of workstation session logout for a period of inactivity.

Architectural Relevance

Physical | Network | Compute | App | Data
True | False | False | False | True

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | True

Scope Applicability

COBIT 4.1: -
HIPAA / HITECH Act: -
ISO/IEC 27001-2005: Clause 5.2.2; A.8.2.2; A.9.1.5; A.11.3.1; A.11.3.2; A.11.3.3
NIST SP800-53 R3: AC-11; MP-2; MP-3; MP-4
FedRAMP (Final 2012) Low Impact: NIST SP 800-53 R3 MP-1; NIST SP 800-53 R3 MP-2
FedRAMP (Final 2012) Moderate Impact: NIST SP 800-53 R3 AC-11; NIST SP 800-53 R3 MP-1; NIST SP 800-53 R3 MP-2; NIST SP 800-53 R3 MP-2 (1); NIST SP 800-53 R3 MP-3; NIST SP 800-53 R3 MP-4; NIST SP 800-53 R3 MP-4 (1)
PCI DSS v2.0: -
BITS Shared Assessments SIG v6.0: E.4
BITS Shared Assessments SIG v5.0: E.1
GAPP (Aug 2009): 8.2.3
Jericho Forum: Commandment #5; Commandment #6; Commandment #7; Commandment #11
NERC CIP: -

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Information Security (IS) | ID #IS-17.1

Do your data management policies and procedures address tenant and service level conflicts of interests?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: Clause 5.2.2; A.8.2.2; A.9.1.5; A.11.3.1; A.11.3.2; A.11.3.3
SP800_53: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4
FedRAMP: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 AC-11 (1); NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-2 (1); NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4; NIST SP800-53 R3 MP-4 (1)
PCI_DSS: -
BITS: AUP v5.0 E.1; SIG v6.0: E.4
GAPP: GAPP Ref 8.2.3

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Information Security (IS) | ID #IS-17.2

Do your data management policies and procedures include a tamper audit or software integrity function for unauthorized access to tenant data?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: Clause 5.2.2; A.8.2.2; A.9.1.5; A.11.3.1; A.11.3.2; A.11.3.3
SP800_53: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4
FedRAMP: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 AC-11 (1); NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-2 (1); NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4; NIST SP800-53 R3 MP-4 (1)
PCI_DSS: -
BITS: AUP v5.0 E.1; SIG v6.0: E.4
GAPP: GAPP Ref 8.2.3

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Information Security (IS) | ID #IS-17.3

Does the virtual machine management infrastructure include a tamper audit or software integrity function to detect changes to the build/configuration of the virtual machine?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: Clause 5.2.2; A.8.2.2; A.9.1.5; A.11.3.1; A.11.3.2; A.11.3.3
SP800_53: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4
FedRAMP: NIST SP800-53 R3 AC-11; NIST SP800-53 R3 AC-11 (1); NIST SP800-53 R3 MP-2; NIST SP800-53 R3 MP-2 (1); NIST SP800-53 R3 MP-3; NIST SP800-53 R3 MP-4; NIST SP800-53 R3 MP-4 (1)
PCI_DSS: -
BITS: AUP v5.0 E.1; SIG v6.0: E.4
GAPP: GAPP Ref 8.2.3

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True