Job Aid Guidelines

A job aid stores information or instruction external to a user and guides the user to perform a task correctly. It is used during the actual performance of a task when the user needs to know the information or procedure. It can be consulted quickly when needed and provides specific, concise information to the user. It reduces the need for individuals to remember so much information and is an efficient method to reduce problems associated with relying strictly on recall to perform in certain situations.

Cloud Controls Matrix (CCM) Data

OP-02 | Operations Management | Documentation

Control Specification

Information system documentation (e.g., administrator and user guides, architecture diagrams, etc.) shall be made available to authorized personnel to ensure the following:
- Configuring, installing, and operating the information system
- Effectively using the system's security features

Architectural Relevance

Physical | Network | Compute | App | Data
False | True | True | True | True

Corp Gov Relevance

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | False

Scope Applicability

COBIT 4.1: DS 9, DS 13.1
HIPAA / HITECH Act: (none listed)
ISO/IEC 27001-2005: Clause 4.3.3, A.10.7.4

NIST SP800-53 R3: CP-9, CP-10, SA-5, SA-10, SA-11
FedRAMP (Final 2012) Low Impact: NIST SP 800-53 R3 CP-9, CP-10, SA-5
FedRAMP (Final 2012) Moderate Impact: NIST SP 800-53 R3 CP-9, CP-9 (1), CP-9 (3), CP-10, CP-10 (2), CP-10 (3), SA-5, SA-5 (1), SA-5 (3), SA-10, SA-11, SA-11 (1)
PCI DSS v2.0: 12.1, 12.2, 12.3, 12.4

BITS Shared Assessments SIG v6.0: G.1.1
BITS Shared Assessments SIG v5.0: (none listed)
GAPP (Aug 2009): 1.2.6

Jericho Forum: Commandment #1, Commandment #2, Commandment #4, Commandment #5, Commandment #11
NERC CIP: CIP-005-3a - R1.3, CIP-007-3 - R9

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Operations Management (OP) | ID #OP-02.1

Is information system documentation (e.g., administrator and user guides, architecture diagrams, etc.) made available to authorized personnel to ensure configuring, installing, and operating the information system?

Compliance Mapping

COBIT: COBIT 4.1 DS 9, DS 13.1
HIPAA: (none listed)
ISO27001: Clause 4.3.3, A.10.7.4
SP800_53: NIST SP800-53 R3 CP-9, NIST SP800-53 R3 CP-10, NIST SP800-53 R3 SA-5, NIST SP800-53 R3 SA-10, NIST SP800-53 R3 SA-11

FedRAMP: (none listed)
PCI_DSS: PCI DSS v2.0 12.1, PCI DSS v2.0 12.2, PCI DSS v2.0 12.3, PCI DSS v2.0 12.4
BITS: SIG v6.0: G.1.1
GAPP: GAPP Ref 1.2.6

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True