Академический Документы
Профессиональный Документы
Культура Документы
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Contents
Acknowledgments ..................................................................................................................................................... 4
1.0 AOSSL and Cloud ................................................................................................................................................. 5
1.1 What is Always On SSL? ................................................................................................................................... 5
1.2 Introduction to the CSA Security, Trust and Assurance Registry (STAR) Program and CCM .......................... 6
1.3 Using AOSSL to satisfy select control objectives of the Cloud Controls Matrix .............................................. 7
1.4 Summary ........................................................................................................................................................ 10
2.0 References and Useful Links .............................................................................................................................. 11
2.1 Useful Links .................................................................................................................................................... 11
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Acknowledgments
Authors
Rick Andrews
Aloysius Cheang
Geoffrey Noakes
Jim Reavis
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Control Name
Application &
Interface Security
Data Security /
Integrity
CCM
V3.0.1
Control ID
AIS-04
DSI-03
Control Specification
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Control Name
CCM V3.0.1
Control ID
EKM-02
EKM-03
Control Specification
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Control Name
Infrastructure &
Virtualization
Security
Network Security
CCM
V3.0.1
Control ID
IVS-06
Control Specification
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
Control Name
Infrastructure &
Virtualization
Security
Wireless Security
CCM
V3.0.1
Control ID
IVS-12
Control Specification
1.4 Summary
AOSSL is a critical best practice that improves the overall security baseline for cloud computing and reduces the
attack surface that can lead to systems compromise and data breach. Cloud Security Alliance recognizes the
importance of using SSL/TLS pervasively and recommends its usage as an important part of any organizations
catalog of controls to address compliance with our Cloud Controls Matrix.
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
10
Copyright 2014, Cloud Security Alliance. All rights reserved. CONFIDENTIAL: NOT FOR DISTRIBUTION
11