Resource Protection

Prevention of misuse of computer resources.

Cloud Controls Matrix (CCM) Data

IS-34 | Information Security | Utility Programs Access

Control Specification

Utility programs capable of potentially overriding system, object, network, virtual machine and application controls shall be restricted.

Architectural Relevance

Physical: False
Network: True
Compute: True
App: True
Data: True

Corp Gov Relevance

Corp Gov Relevance: False

Cloud Service Delivery Model Applicability

SaaS: True
PaaS: True
IaaS: True

Supplier Relationship

Service Provider: True
Tenant / Consumer: True

Scope Applicability

COBIT 4.1: DS5.7
HIPAA / HITECH Act: none
ISO/IEC 27001-2005: A.11.4.1, A.11.4.4, A.11.5.4
NIST SP800-53 R3: AC-5, AC-6, CM-7, SC-3, SC-19
FedRAMP (Final 2012) Low Impact: NIST SP 800-53 R3 CM-7
FedRAMP (Final 2012) Moderate Impact: NIST SP 800-53 R3 AC-6, AC-6 (1), AC-6 (2), CM-7, CM-7 (1)
PCI DSS v2.0: 7.1.2
BITS Shared Assessments SIG v6.0: H.2.16
BITS Shared Assessments SIG v5.0: none
GAPP (Aug 2009): none
Jericho Forum: Commandment #1, Commandment #5, Commandment #6, Commandment #7
NERC CIP: CIP-007-3 - R2.1 - R2.2 - R2.3

Information Security (IS) | ID #IS-34.1

Are utilities that can significantly manage virtualized partitions (ex. shutdown, clone, etc.) appropriately restricted and monitored?

Compliance Mapping

COBIT: COBIT 4.1 DS5.7
HIPAA: none
ISO27001: A.11.4.1, A.11.4.4, A.11.5.4
SP800_53: NIST SP800-53 R3 AC-5, AC-6, CM-7, SC-3, SC-19
FedRAMP: NIST SP800-53 R3 AC-5, AC-6, AC-6 (1), AC-6 (2), CM-7, CM-7 (1), SC-3, SC-19
PCI_DSS: PCI DSS v2.0 7.1.2
BITS: SIG v6.0: H.2.16
GAPP: none

Model Applicability

SaaS: True
PaaS: True
IaaS: True

Scope Applicability

SP: True
CUST: True

Information Security (IS) | ID #IS-34.2

Do you have a capability to detect attacks which target the virtual infrastructure directly (ex. shimming, Blue Pill, Hyper jumping, etc.)?

Compliance Mapping

COBIT: COBIT 4.1 DS5.7
HIPAA: none
ISO27001: A.11.4.1, A.11.4.4, A.11.5.4
SP800_53: NIST SP800-53 R3 AC-5, AC-6, CM-7, SC-3, SC-19
FedRAMP: NIST SP800-53 R3 AC-5, AC-6, AC-6 (1), AC-6 (2), CM-7, CM-7 (1), SC-3, SC-19
PCI_DSS: PCI DSS v2.0 7.1.2
BITS: SIG v6.0: H.2.16
GAPP: none

Model Applicability

SaaS: True
PaaS: True
IaaS: True

Scope Applicability

SP: True
CUST: True

Information Security (IS) | ID #IS-34.3

Are attacks which target the virtual infrastructure prevented with technical controls?

Compliance Mapping

COBIT: COBIT 4.1 DS5.7
HIPAA: none
ISO27001: A.11.4.1, A.11.4.4, A.11.5.4
SP800_53: NIST SP800-53 R3 AC-5, AC-6, CM-7, SC-3, SC-19
FedRAMP: NIST SP800-53 R3 AC-5, AC-6, AC-6 (1), AC-6 (2), CM-7, CM-7 (1), SC-3, SC-19
PCI_DSS: PCI DSS v2.0 7.1.2
BITS: SIG v6.0: H.2.16
GAPP: none

Model Applicability

SaaS: True
PaaS: True
IaaS: True

Scope Applicability

SP: True
CUST: True