Rules for Information Leakage Prevention

This capability manages the policies, procedures, and business requirements associated with data loss prevention, as well as the controls associated with data privacy and protection throughout the organization. Examples include Content Management, Share File Repositories, and data usage from the endpoint perspective, among others.

Cloud Controls Matrix (CCM) Data

SA-03 | Security Architecture | Data Security / Integrity

Control Specification

Policies and procedures shall be established and mechanisms implemented to ensure security (e.g., encryption, access controls, and leakage prevention) and integrity of data exchanged between one or more system interfaces, jurisdictions, or with a third party shared services provider to prevent improper disclosure, alteration or destruction complying with legislative, regulatory, and contractual requirements.

Architectural Relevance

Physical | Network | Compute | App | Data
False | True | True | True | True

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1: DS5.11
HIPAA / HITECH Act: (no entry)
ISO/IEC 27001-2005: A.10.8.1, A.10.8.2, A.11.1.1, A.11.6.1, A.11.4.6, A.12.3.1, A.12.5.4, A.15.1.4

NIST SP800-53 R3: AC-1, AC-4, SC-1, SC-16
FedRAMP (Final 2012) Low Impact: NIST SP 800-53 R3 AC-1, NIST SP 800-53 R3 SC-1, NIST SP 800-53 R3 SC-13
FedRAMP (Final 2012) Moderate Impact: NIST SP 800-53 R3 AC-1, NIST SP 800-53 R3 AC-4, NIST SP 800-53 R3 SC-1, NIST SP 800-53 R3 SC-8
PCI DSS v2.0: 2.3, 3.4.1, 4.1, 4.1.1, 6.1, 6.3.2a, 6.5c, 8.3, 10.5.5, 11.5

BITS Shared Assessments SIG v6.0: G.8.2.0.2, G.8.2.0.3, G.12.1, G.12.4, G.12.9, G.12.10, G.16.2, G.19.2.1, G.19.3.2, G.9.4, G.17.2, G.17.3, G.17.4, G.20.1
BITS Shared Assessments SIG v5.0: B.1
GAPP (Aug 2009): 1.1.0, 1.2.2, 1.2.6, 4.2.3, 5.2.1, 7.1.2, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 8.2.1, 8.2.2, 8.2.3, 8.2.5, 9.2.1

Jericho Forum | NERC CIP

All

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-03.1

Is your Data Security Architecture designed using an industry standard? (e.g., CDSA, MULTISAFE, CSA Trusted Cloud Architectural Standard, FedRAMP CAESARS)

Compliance Mapping

COBIT: COBIT 4.1 DS5.11
HIPAA: (no entry)
ISO27001: A.10.8.1, A.10.8.2, A.11.1.1, A.11.6.1, A.11.4.6, A.12.3.1, A.12.5.4, A.15.1.4
SP800_53: NIST SP800-53 R3 AC-1, NIST SP800-53 R3 AC-4, NIST SP800-53 R3 SC-1, NIST SP800-53 R3 SC-16

FedRAMP: NIST SP800-53 R3 AC-1, NIST SP800-53 R3 AC-4, NIST SP800-53 R3 SC-1, NIST SP800-53 R3 SC-16
PCI_DSS: PCI DSS v2.0 2.3, PCI DSS v2.0 3.4.1, PCI DSS v2.0 4.1, PCI DSS v2.0 4.1.1, PCI DSS v2.0 6.1, PCI DSS v2.0 6.3.2a, PCI DSS v2.0 6.5c, PCI DSS v2.0 8.3, PCI DSS v2.0 10.5.5, PCI DSS v2.0 11.5
BITS: AUP v5.0 B.1; SIG v6.0: G.8.2.0.2, G.8.2.0.3, G.12.1, G.12.4, G.12.9, G.12.10, G.16.2, G.19.2.1, G.19.3.2, G.9.4, G.17.2, G.17.3, G.17.4, G.20.1
GAPP: GAPP Ref 1.1.0, GAPP Ref 1.2.2, GAPP Ref 1.2.6, GAPP Ref 4.2.3, GAPP Ref 5.2.1, GAPP Ref 7.1.2, GAPP Ref 7.2.1, GAPP Ref 7.2.2, GAPP Ref 7.2.3, GAPP Ref 7.2.4, GAPP Ref 8.2.1, GAPP Ref 8.2.2, GAPP Ref 8.2.3, GAPP Ref 8.2.5, GAPP Ref 9.2.1

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True