Service Level Management

Function responsible for assuring that the level of services provided is in agreement with contractual obligations on an ongoing basis.

Cloud Controls Matrix (CCM) Data

IS-31 | Information Security | Network / Infrastructure Services

Control Specification

Network and infrastructure service level agreements (in-house or outsourced) shall clearly document security controls, capacity and service levels, and business or customer requirements.

Architectural Relevance

Physical | Network | Compute | App | Data
True | True | True | True | True

Corp Gov Relevance

True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | True

Scope Applicability

COBIT 4.1: DS5.10
HIPAA / HITECH Act: -
ISO/IEC 27001-2005: A.6.2.3, A.10.6.2
NIST SP800-53 R3: SC-20, SC-21, SC-22, SC-23, SC-24
FedRAMP (Final 2012) Low Impact: NIST SP 800-53 R3 CA-3, NIST SP 800-53 R3 SA-9
FedRAMP (Final 2012) Moderate Impact: NIST SP 800-53 R3 CA-3, NIST SP 800-53 R3 CP-6, NIST SP 800-53 R3 CP-6 (1), NIST SP 800-53 R3 CP-6 (3), NIST SP 800-53 R3 CP-7, NIST SP 800-53 R3 CP-7 (1), NIST SP 800-53 R3 CP-7 (2), NIST SP 800-53 R3 CP-7 (3), NIST SP 800-53 R3 CP-7 (5), NIST SP 800-53 R3 CP-8, NIST SP 800-53 R3 CP-8 (1), NIST SP 800-53 R3 CP-8 (2), NIST SP 800-53 R3 SA-9, NIST SP 800-53 R3 SA-9 (1)
PCI DSS v2.0: -
BITS Shared Assessments SIG v6.0: C.2.6, G.9.9
BITS Shared Assessments SIG v5.0: C.2
GAPP (Aug 2009): 8.2.2, 8.2.5
Jericho Forum: Commandment #6, Commandment #7, Commandment #8
NERC CIP: -

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Information Security (IS) | ID #IS-31.1

Do you collect capacity and utilization data for all relevant components of your cloud service offering?

Compliance Mapping

COBIT: COBIT 4.1 DS5.10
HIPAA: -
ISO27001: A.6.2.3, A.10.6.2
SP800_53: NIST SP800-53 R3 SC-20, NIST SP800-53 R3 SC-21, NIST SP800-53 R3 SC-22, NIST SP800-53 R3 SC-23, NIST SP800-53 R3 SC-24
FedRAMP: NIST SP800-53 R3 SC-20, NIST SP800-53 R3 SC-20 (1), NIST SP800-53 R3 SC-21, NIST SP800-53 R3 SC-22, NIST SP800-53 R3 SC-23, NIST SP800-53 R3 SC-24
PCI_DSS: -
BITS: AUP v5.0 C.2; SIG v6.0: C.2.6, G.9.9
GAPP: GAPP Ref 8.2.2, GAPP Ref 8.2.5

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Information Security (IS) | ID #IS-31.2

Do you provide tenants with capacity planning and utilization reports?

Compliance Mapping

COBIT: COBIT 4.1 DS5.10
HIPAA: -
ISO27001: A.6.2.3, A.10.6.2
SP800_53: NIST SP800-53 R3 SC-20, NIST SP800-53 R3 SC-21, NIST SP800-53 R3 SC-22, NIST SP800-53 R3 SC-23, NIST SP800-53 R3 SC-24
FedRAMP: NIST SP800-53 R3 SC-20, NIST SP800-53 R3 SC-20 (1), NIST SP800-53 R3 SC-21, NIST SP800-53 R3 SC-22, NIST SP800-53 R3 SC-23, NIST SP800-53 R3 SC-24
PCI_DSS: -
BITS: AUP v5.0 C.2; SIG v6.0: C.2.6, G.9.9
GAPP: GAPP Ref 8.2.2, GAPP Ref 8.2.5

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True