Operational Security Baselines

A baseline specifies a policy compliant starting point which may be further specialized (e.g., a move to production process may include a baseline configuration that requires all defult users/passwords, SNMP community names, etc, be changed from their default values before the equipment may be used in production. If the equipment were subject to additional hardening, such as deployment in the DMZ, then further specialized baselines would apply).

Cloud Controls Matrix (CCM) Data

Array

OP-01 | Operations Management | Policy

Control Specification +-

Policies and procedures shall be established and made available for all personnel to adequately support services operations role.

Architectural Relevance +-

PhysicalNetworkComputeAppData
False False False True True

Corp Gov Relevance +-

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability +-

SaaSPaaSIaaS
True True True

Supplier Relationship +-

Service ProviderTenant / Consumer
True False

Scope Applicability +-

COBIT 4.1HIPAA / HITECH ActISO/IEC 27001-2005

DS13.1

Clause 5.1
A 8.1.1
A.8.2.1
A 8.2.2
A.10.1.1

NIST SP800-53 R3FedRAMP (Final 2012) Low ImpactFedRAMP (Final 2012) Moderate ImpactPCI DSS v2.0

CM-2
CM-3
CM-4
CM-5
CM-6
CM-9
MA-4
SA-3
SA-4
SA-5
SA-8
SA-10
SA-11
SA-12

NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-4
NIST SP 800-53 R3 CM-6
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-5

NIST SP 800-53 R3 CM-2
NIST SP 800-53 R3 CM-2 (1)
NIST SP 800-53 R3 CM-2 (3)
NIST SP 800-53 R3 CM-2 (5)
NIST SP 800-53 R3 CM-3
NIST SP 800-53 R3 CM-3 (2)
NIST SP 800-53 R3 CM-4
NIST SP 800-53 R3 CM-5
NIST SP 800-53 R3 CM-6
NIST SP 800-53 R3 CM-6 (1)
NIST SP 800-53 R3 CM-6 (3)
NIST SP 800-53 R3 CM-9
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-4 (1)
NIST SP 800-53 R3 MA-4 (2)
NIST SP 800-53 R3 SA-3
NIST SP 800-53 R3 SA-4
NIST SP 800-53 R3 SA-4 (1)
NIST SP 800-53 R3 SA-4 (4)
NIST SP 800-53 R3 SA-4 (7)
NIST SP 800-53 R3 SA-5
NIST SP 800-53 R3 SA-5 (1)
NIST SP 800-53 R3 SA-5 (3)
NIST SP 800-53 R3 SA-8
NIST SP 800-53 R3 SA-10
NIST SP 800-53 R3 SA-11
NIST SP 800-53 R3 SA-11 (1)
NIST SP 800-53 R3 SA-12

12.1
12.2
12.3
12.4

BITS Shared Assessments SIG v6.0BITS Shared Assessments SIG v5.0GAPP (Aug 2009)

G.1.1

8.2.1

Jericho ForumNERC CIP

Commandment #1
Commandment #2
Commandment #3
Commandment #6
Commandment #7

Array

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Operations Management (OP) | ID #OP-01.1

Are policies and procedures established and made available for all personnel to adequately support services operations roles?

Compliance Mapping +-

COBITHIPAAISO27001SP800_53

COBIT 4.1 DS13.1

Clause 5.1
A 8.1.1
A.8.2.1
A 8.2.2
A.10.1.1

FedRAMPPCI_DSSBITSGAPP

PCI DSS v2.0 12.1
PCI DSS v2.0 12.2
PCI DSS v2.0 12.3
PCI DSS v2.0 12.4

SIG v6.0: G.1.1

GAPP Ref 8.2.1

Model Applicability +-

SaaSPaaSIaaS
True True True

Scope Applicability +-

SPCUST
True True