Environmental Risk Management

The general process of assessing and controlling risks arising from the environment surrounding an infrastructure (e.g., estimating the size of a backup generator plant to provide power continuity in case of utility power loss).

Cloud Controls Matrix (CCM) Data

RS-08 | Resiliency | Power / Telecommunications

Control Specification

Telecommunications equipment, cabling and relays transceiving data or supporting services shall be protected from interception or damage and designed with redundancies, alternative power source and alternative routing.

Architectural Relevance

Physical: True | Network: True | Compute: False | App: False | Data: False

Corp Gov Relevance

Corp Gov Relevance: False

Cloud Service Delivery Model Applicability

SaaS: True | PaaS: True | IaaS: True

Supplier Relationship

Service Provider: True | Tenant / Consumer: False

Scope Applicability

COBIT 4.1: -
HIPAA / HITECH Act: -
ISO/IEC 27001-2005: A.9.2.2, A.9.2.3
NIST SP800-53 R3: PE-1, PE-4, PE-13
FedRAMP (Final 2012) Low Impact: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-13, NIST SP800-53 R3 PE-13 (1), NIST SP800-53 R3 PE-13 (2), NIST SP800-53 R3 PE-13 (3)
FedRAMP (Final 2012) Moderate Impact: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-4, NIST SP800-53 R3 PE-13, NIST SP800-53 R3 PE-13 (1), NIST SP800-53 R3 PE-13 (2), NIST SP800-53 R3 PE-13 (3)
PCI DSS v2.0: -
BITS Shared Assessments SIG v6.0: F.1.6, F.1.6.1, F.1.6.2, F.1.9.2, F.2.10, F.2.11, F.2.12
BITS Shared Assessments SIG v5.0: F.1
GAPP (Aug 2009): -
Jericho Forum: Commandment #1, Commandment #2, Commandment #3, Commandment #4, Commandment #9, Commandment #11
NERC CIP: -

Resiliency (RS) | ID #RS-08.1

Do you provide tenants with documentation showing the transport route of their data between your systems?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: A.9.2.2, A.9.2.3
SP800_53: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-4, NIST SP800-53 R3 PE-13
FedRAMP: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-4, NIST SP800-53 R3 PE-13, NIST SP800-53 R3 PE-13 (1), NIST SP800-53 R3 PE-13 (2), NIST SP800-53 R3 PE-13 (3)
PCI_DSS: -
BITS: AUP v5.0 F.1; SIG v6.0: F.1.6, F.1.6.1, F.1.6.2, F.1.9.2, F.2.10, F.2.11, F.2.12
GAPP: -

Model Applicability

SaaS: True | PaaS: True | IaaS: True

Scope Applicability

SP: True | CUST: True

Resiliency (RS) | ID #RS-08.2

Can Tenants define how their data is transported and through which legal jurisdiction?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: A.9.2.2, A.9.2.3
SP800_53: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-4, NIST SP800-53 R3 PE-13
FedRAMP: NIST SP800-53 R3 PE-1, NIST SP800-53 R3 PE-4, NIST SP800-53 R3 PE-13, NIST SP800-53 R3 PE-13 (1), NIST SP800-53 R3 PE-13 (2), NIST SP800-53 R3 PE-13 (3)
PCI_DSS: -
BITS: AUP v5.0 F.1; SIG v6.0: F.1.6, F.1.6.1, F.1.6.2, F.1.9.2, F.2.10, F.2.11, F.2.12
GAPP: -

Model Applicability

SaaS: True | PaaS: True | IaaS: True

Scope Applicability

SP: True | CUST: True