Contracts

An agreement entered into by two or more parties with the serious intent of creating a legal obligation or obligations.

Cloud Controls Matrix (CCM) Data


SA-01 | Security Architecture | Customer Access Requirements

Control Specification

Prior to granting customers access to data, assets and information systems, all identified security, contractual and regulatory requirements for customer access shall be addressed and remediated.

Architectural Relevance

Physical | Network | Compute | App | Data
True | True | True | True | True

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | True

Scope Applicability

COBIT 4.1: (none listed)

HIPAA / HITECH Act: (none listed)

ISO/IEC 27001-2005:
A.6.2.1
A.6.2.2
A.11.1.1

NIST SP800-53 R3:
CA-1
CA-2
CA-5
CA-6

FedRAMP (Final 2012) Low Impact:
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-6

FedRAMP (Final 2012) Moderate Impact:
NIST SP 800-53 R3 CA-1
NIST SP 800-53 R3 CA-2
NIST SP 800-53 R3 CA-2 (1)
NIST SP 800-53 R3 CA-5
NIST SP 800-53 R3 CA-6

PCI DSS v2.0: (none listed)

BITS Shared Assessments SIG v6.0:
C.2.1, C.2.3, C.2.4, C.2.6.1, H.1

BITS Shared Assessments SIG v5.0: (none listed)

GAPP (Aug 2009):
1.2.2
1.2.6
6.2.1
6.2.2

Jericho Forum:
Commandment #6
Commandment #7
Commandment #8

NERC CIP: (none listed)


Security Architecture (SA) | ID #SA-01.1

Are all identified security, contractual and regulatory requirements for customer access contractually addressed and remediated prior to granting customers access to data, assets and information systems?

Compliance Mapping

COBIT: (none listed)

HIPAA: (none listed)

ISO27001:
A.6.2.1
A.6.2.2
A.11.1.1

SP800_53:
NIST SP800-53 R3 CA-1
NIST SP800-53 R3 CA-2
NIST SP800-53 R3 CA-5
NIST SP800-53 R3 CA-6

FedRAMP:
NIST SP800-53 R3 CA-1
NIST SP800-53 R3 CA-2
NIST SP800-53 R3 CA-2 (1)
NIST SP800-53 R3 CA-5
NIST SP800-53 R3 CA-6

PCI_DSS: (none listed)

BITS:
SIG v6.0: C.2.1, C.2.3, C.2.4, C.2.6.1, H.1

GAPP:
GAPP Ref 1.2.2
GAPP Ref 1.2.6
GAPP Ref 6.2.1
GAPP Ref 6.2.2

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True