Data Segregation

Data segregation is the set of processes and controls that ensure data is segregated in a multi-tenant environment, so that each tenant has access to its own data and only its own data.

Cloud Controls Matrix (CCM) Data


SA-06 | Security Architecture | Production / Non-Production Environments

Control Specification

Production and non-production environments shall be separated to prevent unauthorized access or changes to information assets.

Architectural Relevance

Physical | Network | Compute | App | Data
True | True | True | True | True

Corp Gov Relevance

False

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1: DS5.7
HIPAA / HITECH Act: (none)
ISO/IEC 27001-2005: A.10.1.4, A.10.3.2, A.11.1.1, A.12.5.1, A.12.5.2, A.12.5.3

NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0

SC-2

NIST SP 800-53 R3 SC-2

6.4.1
6.4.2

BITS Shared Assessments SIG v6.0: I.2.7.1, I.2.20, I.2.17, I.2.22.2, I.2.22.4, I.2.22.10-14, H.1.1
BITS Shared Assessments SIG v5.0: B.1
GAPP (Aug 2009): 1.2.6

Jericho Forum: Commandment #1, Commandment #10, Commandment #11
NERC CIP: (none)


Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-06.1

For your SaaS or PaaS offering, do you provide tenants with separate environments for production and test processes?

Compliance Mapping

COBIT: COBIT 4.1 DS5.7
HIPAA: (none)
ISO27001: A.10.1.4, A.10.3.2, A.11.1.1, A.12.5.1, A.12.5.2, A.12.5.3
SP800_53: NIST SP800-53 R3 SC-2
FedRAMP: NIST SP800-53 R3 SC-2
PCI_DSS: PCI DSS v2.0 6.4.1, PCI DSS v2.0 6.4.2
BITS: AUP v5.0 B.1; SIG v6.0: I.2.7.1, I.2.20, I.2.17, I.2.22.2, I.2.22.4, I.2.22.10-14, H.1.1
GAPP: GAPP Ref 1.2.6

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-06.2

For your IaaS offering, do you provide tenants with guidance on how to create suitable production and test environments?

Compliance Mapping

COBIT: COBIT 4.1 DS5.7
HIPAA: (none)
ISO27001: A.10.1.4, A.10.3.2, A.11.1.1, A.12.5.1, A.12.5.2, A.12.5.3
SP800_53: NIST SP800-53 R3 SC-2
FedRAMP: NIST SP800-53 R3 SC-2
PCI_DSS: PCI DSS v2.0 6.4.1, PCI DSS v2.0 6.4.2
BITS: AUP v5.0 B.1; SIG v6.0: I.2.7.1, I.2.20, I.2.17, I.2.22.2, I.2.22.4, I.2.22.10-14, H.1.1
GAPP: GAPP Ref 1.2.6

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True