Documente Academic
Documente Profesional
Documente Cultură
2
Architectural Relevance
Control Area
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Compliance - Audit
Planning
CO-01
CO-02
Compliance - Third
Party Audits
CO-03
Compliance - Contact /
Authority Maintenance
CO-04
CO-05
CO-06
DG-01
DG-02
DG-03
02/12/2015
Scope Applicability
Tenant /
Consumer
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
FedRAMP
Jericho Forum
2.1.2.b
10.2.5
Commandment #1
Commandment #2
Commandment #3
11.2
11.3
6.6
12.1.2.b
1.2.5
1.2.7
4.2.1
8.2.7
10.2.3
10.2.5
Commandment #1
Commandment #2
Commandment #3
2.4
12.8.2
12.8.3
12.8.4
Appendix A
1.2.11
4.2.3
7.2.4
10.2.3
10.2.4
Commandment #1
Commandment #2
Commandment #3
AT-5
IR-6
SI-5
11.1.e
12.5.3
12.9
L1
1.2.7
10.1.1
10.2.4
Commandment #1
Commandment #2
Commandment #3
ISO/IEC 27001:2005
Clause 4.2.1 b) 2)
Clause 4.2.1 c) 1)
Clause 4.2.1 g)
Clause 4.2.3 d) 6)
Clause 4.3.3
Clause 5.2.1 a - f
Clause 7.3 c) 4)
A.7.2.1
A.15.1.1
A.15.1.3
A.15.1.4
A.15.1.6
AC-1
AT-1
AU-1
CA-1
CM-1
CP-1
IA-1
IA-7
IR-1
MA-1
MP-1
PE-1
PL-1
PM-1
PS-1
RA-1
RA-2
SA-1
SA-6
SC-1
SC-13
SI-1
3.1.1
3.1
1.2.2
1.2.4
1.2.6
1.2.11
3.2.4
5.2.1
Commandment #1
Commandment #2
Commandment #3
Clause 4.2.1
A.6.1.5
A.7.1.3
A.10.8.2
A.12.4.3
A.15.1.2
SA-6
SA-7
PM-5
A.6.1.3
A.7.1.2
A.15.1.4
CA-2
PM-5
PS-2
RA-2
SA-2
PO 2.3
DS 11.6
A.7.2.1
RA-2
AC-4
PO 2.3
DS 11.6
A.7.2.2
A.10.7.1
A.10.7.3
A.10.8.1
AC-16
MP-1
MP-3
PE-16
SI-12
SC-9
ME 2.1
ME 2.2
PO 9.5
PO 9.6
45 CFR 164.312(b)
Clause 4.2.3 e)
Clause 4.2.3b
Clause 5.1 g
Clause 6
A.15.3.1
CA-2
CA-7
PL-6
DS5.5
ME2.5
ME 3.1
PO 9.6
Clause 4.2.3e
Clause 5.1 g
Clause 5.2.1 d)
Clause 6
A.6.1.8
CA-1
CA-2
CA-6
RA-5
ME 2.6
DS 2.1
DS 2.4
45 CFR 164.308(b)(1)
45 CFR 164.308 (b)(4)
A.6.2.3
A.10.2.1
A.10.2.2
A.10.6.2
CA-3
SA-9
SA-12
SC-7
ME 3.1
A.6.1.6
A.6.1.7
ME 3.1
DS5.1
PO 2.3
1 of 13
L.4
NERC CIP
CIP-001-1a R3 - R4
Commandment #1
Commandment #2
Commandment #3
6.2.1
Commandment #6
Commandment #10
9.7.1
9.10
12.3
D.1.3, D.2.2
1.2.3
1.2.6
4.1.2
8.2.1
8.2.5
8.2.6
Commandment #9
CIP-003-3 - R4 - R5
9.5
9.6
9.7.1
9.7.2
9.10
D.2.2
1.1.2
5.1.0
7.1.2
8.1.0
8.2.5
8.2.6
Commandment #8
Commandment #9
Commandment #10
CIP-003-3 - R4 - R4.1
G.13
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
DG-04
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Tenant /
Consumer
X
Scope Applicability
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
DS 4.1
DS 4.2
DS 4.5
DS 4.9
DS 11.6
CP-2
CP-6
CP-7
CP-8
CP-9
SI-12
AU-11
DS 11.4
A.9.2.6
A.10.7.2
MP-6
PE-1
45 CFR 164.308(a)(4)(ii)(B)
A.7.1.3
A.10.1.4
A.12.4.2
A.12.5.1
SA-11
CM-04
A.10.6.2
A.12.5.4
AC-2
AC-3
AC-4
AC-6
AC-11
AU-13
PE-19
SC-28
SA-8
SI-7
DG-05
DG-06
DG-07
DG-08
PO 9.1
PO 9.2
PO 9.4
DS 5.7
45 CFR 164.308(a)(1)(ii)(A)
45 CFR 164.308(a)(8)
CA-3
RA-2
RA-3
MP-8
PM-9
SI-12
FS-01
DS5.7
DS 12.1
DS 12.4
DS 4.9
A.5.1.1
A.9.1.3
A.9.1.5
CA-2
PE-1
PE-6
PE-7
PE-8
FS-02
45 CFR 164.310(a)(1)
45 CFR 164.310(a)(2)(ii)
45 CFR 164.310(b)
45 CFR 164.310 ( c) (New)
A.9.1.1
A.9.1.2
PE-2
PE-3
PE-4
PE-5
PE-6
FS-03
DS 12.3
A.9.1.1
PE-2
PE-3
PE-6
PE-18
FS-04
DS 12.2
DS 12.3
A.9.1.1
A.9.1.2
PE-2
PE-3
PE-6
PE-7
PE-8
PE-18
DS 11.6
02/12/2015
2 of 13
FedRAMP
Jericho Forum
NERC CIP
3.1
3.1.1
3.2
9.9.1
9.5
9.6
10.7
D.2.2.9
5.1.0
5.1.1
5.2.2
8.2.6
Commandment #11
CIP-003-3 - R4.1
3.1.1
9.10
9.10.1
9.10.2
3.1
5.1.0
5.2.3
Commandment #11
6.4.3
I.2.18
1.2.6
Commandment #9
Commandment #10
Commandment #11
CIP-003-3 - R6
1.2
6.5.5
11.1
11.2
11.3
11.4
A.1
I.2.18
7.2.1
8.1.0
8.1.1
8.2.1
8.2.2
8.2.5
8.2.6
Commandment #4
Commandment #5
Commandment #6
Commandment #7
Commandment #8
Commandment #9
Commandment #10
Commandment #11
12.1
12.1.2
1.2.4
8.2.1
Commandment #1
Commandment #2
Commandment #3
Commandment #6
Commandment #7
Commandment #9
Commandment #10
Commandment #11
9.1
9.2
9.3
9.4
8.1.0
8.1.1
8.2.1
Commandment #1
Commandment #2
Commandment #3
Commandment #5
9.1
8.2.1
8.2.2
8.2.3
Commandment #1
Commandment #2
Commandment #3
Commandment #5
9.1
8.2.3
Commandment #1
Commandment #2
Commandment #3
Commandment #5
9.1
9.1.1
9.1.2
9.1.3
9.2
8.2.3
Commandment #1
Commandment #2
Commandment #3
Commandment #5
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Supplier Relationship
Phys
Network
Compute
Storage
App
Data
SaaS
PaaS
IaaS
Service
Provider
FS-05
FS-06
FS-07
Policies and procedures shall be established for Proposed v1.1 control revision redacted until
securing and asset management for the use
future revision due to potential mapping impact
and secure disposal of equipment maintained not yet considered:
and used outside the organization's premise.
Policies and procedures governing asset
management shall be established for secure
repurposing of equipment and resources prior
to tenant assignment or jurisdictional transport.
FS-08
Human Resources
Security - Background
Screening
HR-01
Human Resources
Security - Employment
Agreements
HR-02
Scope Applicability
Tenant /
Consumer
COBIT 4.1
DS 12.3
ISO/IEC 27001-2005
NIST SP800-53 R3
FedRAMP
A.9.1.6
PE-7
PE-16
PE-18
A.9.2.7
A.10.1.2
MA-1
MA-2
PE-16
45 CFR 164.310 (c )
45 CFR 164.310 (d)(1)
45 CFR 164.310 (d)(2)(i)
A.9.2.5
A.9.2.6
AC-17
MA-1
PE-1
PE-16
PE-17
A.7.1.1
A.7.1.2
CM-8
A.8.1.2
PS-2
PS-3
Jericho Forum
8.2.3
Commandment #1
Commandment #2
Commandment #3
Commandment #5
9.8
9.9
F.2.18
8.2.5
8.2.6
Commandment #6
Commandment #7
9.8
9.9
9.10
F.2.18, F.2.19,
9.9.1
12.3.3
12.3.4
D.1
12.7
12.8.3
E.2
E.2
1.2.9
Commandment #2
Commandment #3
Commandment #6
Commandment #9
12.4
12.8.2
E.3.5
C.1
1.2.9
8.2.6
Commandment #6
Commandment #7
E.6
8.2.2
10.2.5
Commandment #6
Commandment #7
G.21
NERC CIP
CIP-006-3c R1.2 - R1.3 - R1.4
Commandment #4
Commandment #5
Commandment #11
PO 7.6
DS 2.1
45 CFR 164.310(a)(1)
45 CFR 164.308(a)(4)(i)
A.6.1.5
A.8.1.3
PL-4
PS-6
PS-7
PO 7.8
A.8.3.1
PS-4
PS-5
R2 DS5.2
R2 DS5.5
45 CFR 164.308(a)(1)(i)
45 CFR 164.308(a)(1)(ii)(B)
45 CFR 164.316(b)(1)(i)
45 CFR 164.308(a)(3)(i) (New)
45 CFR 164.306(a) (New)
Clause 4.2
Clause 5
A.6.1.1
A.6.1.2
A.6.1.3
A.6.1.4
A.6.1.5
A.6.1.6
A.6.1.7
A.6.1.8
PM-1
PM-2
PM-3
PM-4
PM-5
PM-6
PM-7
PM-8
PM-9
PM-10
PM-11
12.1
12.2
A.1, B.1
8.2.1
Commandment #1
Commandment #2
CIP-001-1a - R1 - R2
CIP-003-3 - R1 - R1.1 - R4
CIP-006-3c R1
DS5.1
Clause 5
A.6.1.1
CM-1
PM-1
PM-11
12.5
C.1
8.2.1
Commandment #3
Commandment #6
CIP-003-3 - R1 - R1.1
DS5.2
Clause 4.2.1
Clause 5
A.5.1.1
A.8.2.2
AC-1
AT-1
AU-1
CA-1
CM-1
IA-1
IR-1
MA-1
MP-1
MP-1
PE-1
PL-1
PS-1
SA-1
SC-1
SI-1
12.1
12.2
B.1
8.1.0
8.1.1
Commandment #1
Commandment #2
Commandment #3
A.12.1.1
A.15.2.2
CM-2
SA-2
SA-4
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
2.2
2.2.1
2.2.2
2.2.3
2.2.4
1.2.6
8.2.1
8.2.7
Commandment #2
Commandment #4
Commandment #5
Commandment #11
Commandment #6
Commandment #7
Commandment #8
CIP-004-3 - R2.2
HR-03
IS-01
IS-02
IS-03
IS-04
02/12/2015
AI2.1
AI2.2
AI3.3
DS2.3
DS11.6
3 of 13
L.2
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Tenant /
Consumer
Scope Applicability
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
AC-1
IA-1
3.5.1
8.5.1
12.5.4
A.11.2.1
A.11.2.2
A.11.4.1
A 11.4.2
A.11.6.1
AC-3
AC-5
AC-6
IA-2
IA-4
IA-5
IA-8
MA-5
PS-6
SA-7
SI-9
7.1
7.1.1
7.1.2
7.1.3
7.2.1
7.2.2
8.5.1
12.5.4
H.2.4, H.2.5,
45 CFR 164.308(a)(3)(ii)(C)
ISO/IEC 27001:2005
A.8.3.3
A.11.1.1
A.11.2.1
A.11.2.2
AC-2
PS-4
PS-5
8.5.4
8.5.5
E.6.2, E.6.3
DS 5.2
DS 5.4
Clause 4.2.3 f)
A.5.1.2
AC-1
AT-1
AU-1
CA-1
CM-1
CP-1
IA-1
IA-5
IR-1
MA-1
MP-1
PE-1
PL-1
PM-1
PS-1
RA-1
SA-1
SC-1
SI-1
IS-06
PO 7.7
A.8.2.3
PL-4
PS-1
PS-8
IS-07
DS 5.4
A.11.1.1
A.11.2.1
A.11.2.4
A.11.4.1
A.11.5.2
A.11.6.1
IS-08
DS5.4
IS-09
DS 5.4
IS-10
IS-11
IS-12
IS-13
02/12/2015
12.1.3
IS-05
FedRAMP
B.1.33. B.1.34,
B.1.5
DS5.3
DS5.4
A.11.2.4
AC-2
AU-6
PM-10
PS-6
PS-7
PO 7.4
Clause 5.2.2
A.8.2.2
AT-1
AT-2
AT-3
AT-4
A.6.1.7
AT-5
SI-5
C.1.8
Clause 5.1 c)
A.6.1.2
A.6.1.3
A.8.1.1
AT-3
PL-4
PM-10
PS-1
PS-6
PS-7
DS5.1
4 of 13
B.1
H.2
12.6
12.6.1
12.6.2
E.4
E.1
Jericho Forum
NERC CIP
1.2.1
8.2.7
10.2.3
Commandment #1
Commandment #2
Commandment #3
10.2.4
Commandment #6
Commandment #7
8.1.0
Commandment #6
Commandment #7
Commandment #8
8.2.2
Commandment #6
Commandment #7
Commandment #8
Commandment #9
Commandment #10
8.2.1
Commandment #6
Commandment #7
Commandment #8
CIP-004-3 R2.2.3
CIP-007-3 - R5.1.3 -R5.2.1 R5.2.3
8.2.1
8.2.7
Commandment #6
Commandment #7
Commandment #8
Commandment #10
CIP-004-3 R2.2.2
CIP-007-3 - R5 - R.1.3
1.2.10
8.2.1
Commandment #3
Commandment #6
CIP-004-3 - R1 - R2 - R2.1
Commandment #1
Commandment #2
Commandment #3
1.2.9
8.2.1
Commandment #6
Commandment #7
Commandment #8
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Data
Tenant /
Consumer
X
IS-14
IS-15
IS-16
IS-17
COBIT 4.1
DS5.3
DS5.4
DS5.5
IS-18
IS-19
ISO/IEC 27001-2005
NIST SP800-53 R3
Clause 5.2.2
A.8.2.1
A.8.2.2
A 11.2.4
A.15.2.1
AT-2
AT-3
CA-1
CA-5
CA-6
CA-7
PM-10
FedRAMP
NIST SP800-53 R3 AT2_x000D_
NIST SP800-53 R3 AT3_x000D_
NIST SP800-53 R3 CA1_x000D_
NIST SP800-53 R3 CA5_x000D_
NIST SP800-53 R3 CA6_x000D_
NIST SP800-53 R3 CA7_x000D_
NIST
SP800-53 R3 AC1_x000D_
NIST SP800-53 R3 AC2_x000D_
NIST SP800-53 R3 AC-2
(1)_x000D_
NIST SP800-53 R3 AC-2
(2)_x000D_
NIST SP800-53 R3 AC-2
(3)_x000D_
NIST SP800-53 R3 AC-2
(4)_x000D_
NIST SP800-53 R3 AC-2
(7)_x000D_
NIST SP800-53 R3 AC5_x000D_
NIST SP800-53 R3 AC6_x000D_
NIST SP800-53 R3 AC-6
(1)_x000D_
NIST SP800-53 R3 AC-6
(2)_x000D_
NIST SP800-53 R3 AU1_x000D_
NIST SP800-53 R3 AU6_x000D_
NIST SP800-53 R3 AU-6
(1)_x000D_
NIST SP800-53 R3 AU-6
(3)_x000D_
NIST SP800-53 R3 SI1_x000D_
NIST SP800-53 R3 SI4_x000D_
NIST SP800-53 R3 SI-4
NIST SP800-53 R3 AT2_x000D_
NIST SP800-53 R3 AT3_x000D_
NIST SP800-53 R3 AT4_x000D_
NIST SP800-53 R3 PL4_x000D_
DS 5.4
A.10.1.3
AC-1
AC-2
AC-5
AC-6
AU-1
AU-6
SI-1
SI-4
PO 4.6
Clause 5.2.2
A.8.2.2
A.11.3.1
A.11.3.2
AT-2
AT-3
AT-4
PL-4
Clause 5.2.2
A.8.2.2
A.9.1.5
A.11.3.1
A.11.3.2
A.11.3.3
AC-11
MP-2
MP-3
MP-4
02/12/2015
Scope Applicability
DS5.8
DS5.10
DS5.11
A.10.6.1
A.10.8.3
A.10.8.4
A.10.9.2
A.10.9.3
A.12.3.1
A.15.1.3
A.15.1.4
AC-18
IA-3
IA-7
SC-7
SC-8
SC-9
SC-13
SC-16
SC-23
SI-8
DS5.8
Clause 4.3.3
A.10.7.3
A.12.3.2
A.15.1.6
SC-12
SC-13
SC-17
SC-28
5 of 13
12.6.1
12.6.2
E.4
6.4.2
8.5.7
12.6.1
E.4
E.4
Jericho Forum
1.1.2
8.2.1
Commandment #6
Commandment #7
Commandment #8
8.2.2
Commandment #6
Commandment #7
Commandment #8
Commandment #10
E.1
1.2.10
8.2.1
Commandment #5
Commandment #6
Commandment #7
E.1
8.2.3
Commandment #5
Commandment #6
Commandment #7
Commandment #11
2.1.1
3.4
3.4.1
4.1
4.1.1
4.2
8.1.1
8.2.1
8.2.5
Commandment #4
Commandment #5
Commandment #9
Commandment #10
Commandment #11
3.4.1
3.5
3.5.1
3.5.2
3.6
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
L.6
8.1.1
8.2.1
8.2.5
Commandment #9
Commandment #10
Commandment #11
NERC CIP
CIP-007-3 R5.1.1
CIP-003-3 - R4.2
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
IS-20
IS-21
IS-22
IS-23
IS-24
IS-25
IS-26
Policies and procedures shall be established for Proposed v1.1 control revision redacted until
the acceptable use of information assets.
future revision due to potential mapping impact
not yet considered:
Scope Applicability
Tenant /
Consumer
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
IS-27
IS-28
IS-29
02/12/2015
AI6.1
AI3.3
DS5.9
CM-3
CM-4
CP-10
RA-5
SA-7
SI-1
SI-2
SI-5
DS5.9
A.10.4.1
SA-7
SC-5
SI-3
SI-5
SI-7
SI-8
DS5.6
Clause 4.3.3
A.13.1.1
A.13.2.1
IR-1
IR-2
IR-3
IR-4
IR-5
IR-7
IR-8
Clause 4.3.3
Clause 5.2.2
A.6.1.3
A.8.2.1
A.8.2.2
A.13.1.1
A.13.1.2
A.13.2.1
IR-2
IR-6
IR-7
SI-4
SI-5
DS5.6
Clause 4.3.3
Clause 5.2.2
A.8.2.2
A.8.2.3
A.13.2.3
A.15.1.3
AU-6
AU-7
AU-9
AU-11
IR-5
IR-7
IR-8
DS 4.9
A.13.2.2
IR-4
IR-5
IR-8
DS 5.3
A.7.1.3
AC-8
AC-20
PL-4
A.7.1.1
A.7.1.2
A.8.3.2
PS-4
45 CFR 164.312(e)(1)
45 CFR 164.312(e)(2)(i)
A.7.2.1
A.10.6.1
A.10.6.2
A.10.9.1
A.10.9.2
A.15.1.4
AC-14
AC-21
AC-22
IA-8
AU-10
SC-4
SC-8
SC-9
A.15.3.2
AU-9
AU-11
AU-14
DS5.6
FedRAMP
1_x000D_
NIST SP800-53 R3 IR2_x000D_
NIST SP800-53 R3 IR3_x000D_
NIST SP800-53 R3 IR4_x000D_
NIST SP800-53 R3 IR-4
(1)_x000D_
NIST SP800-53 R3 IR5_x000D_
NIST
NIST SP800-53
SP800-53 R3
R3 IRIR2_x000D_
NIST SP800-53 R3 IR6_x000D_
NIST SP800-53 R3 IR-6
(1)_x000D_
NIST SP800-53 R3 IR7_x000D_
NIST SP800-53 R3 IR-7
(1)_x000D_
NIST SP800-53 R3 IR-7
(2)_x000D_
NIST SP800-53 R3 SI4_x000D_
NIST SP800-53 R3 SI-4
NIST SP800-53 R3 AU6_x000D_
NIST SP800-53 R3 AU-6
(1)_x000D_
NIST SP800-53 R3 AU-6
(3)_x000D_
NIST SP800-53 R3 AU7_x000D_
NIST SP800-53 R3 AU-7
(1)_x000D_
NIST SP800-53 R3 AU9_x000D_
NIST SP800-53 R3 AU-9
(2)_x000D_
NIST SP800-53 R3 AU11_x000D_
NIST SP800-53 R3 IR5_x000D_
NIST SP800-53 R3 IR7_x000D_
NIST SP800-53
SP800-53 R3
R3 IRIR-7
NIST
4_x000D_
NIST SP800-53 R3 IR-4
(1)_x000D_
NIST SP800-53 R3 IR5_x000D_
NIST SP800-53 R3 AC8_x000D_
NIST SP800-53 R3 AC20_x000D_
NIST SP800-53 R3 AC-20
(1)_x000D_
NIST SP800-53 R3 AC-20
(2)_x000D_
NIST SP800-53 R3 PL4_x000D_
2.2
6.1
6.2
6.3.2
6.4.5
6.5
6.6
11.2
11.2.1
11.2.2
11.2.3
G.15.2, I.3
5.1
5.1.1
5.2
G.7
12.9
12.9.1
12.9.2
12.9.3
12.9.4
12.9.5
12.9.6
J.1.1, J.1.2
12.5.2
12.5.3
Jericho Forum
NERC CIP
1.2.6
8.2.7
Commandment #4
Commandment #5
8.2.2
Commandment #4
Commandment #5
J.1
1.2.4
1.2.7
7.1.2
7.2.2
7.2.4
10.2.1
10.2.4
Commandment #2
Commandment #6
Commandment #8
CIP-007-3 - R6.1
CIP-008-3 - R1
J.1.1, E.4
J.1
E.1
1.2.7
1.2.10
7.1.2
7.2.2
7.2.4
10.2.4
Commandment #2
Commandment #6
Commandment #8
CIP-003-3 - R4.1
CIP-004-3 R3.3
J.1
E.1
1.2.7
CIP-004-3 R3.3
1.2.7
1.2.10
CIP-008-3 - R1.1
12.9.6
J.1.2
12.3.5
B.3
8.1.0
E.6.4
D.1
5.2.3
7.2.2
8.2.1
8.2.6
G.4
G.11
G.16
G.18
I.3
I.4
3.2.4
4.2.3
7.1.2
7.2.1
7.2.2
8.2.1
8.2.5
Commandment #4
Commandment #5
Commandment #9
Commandment #10
Commandment #11
8.2.1
Commandment #2
Commandment #5
Commandment #11
Commandment #1
Commandment #2
Commandment #3
DS 5.10 5.11
DS 5.7
6 of 13
2.1.1
4.1
4.1.1
4.2
10.5.5
CIP-003-3 - R5.2
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
Tenant /
Consumer
Scope Applicability
SaaS
PaaS
IaaS
Service
Provider
DS5.7
A.10.6.1
A.11.1.1
A.11.4.4
A.11.5.4
CM-7
MA-3
MA-4
MA-5
A.6.2.3
A.10.6.2
SC-20
SC-21
SC-22
SC-23
SC-24
A.7.2.1
A.10.7.1
A.10.7.2
A.10.8.3
A.11.7.1
A.11.7.2
A.15.1.4
AC-17
AC-18
AC-19
MP-2
MP-4
MP-6
Clause 4.3.3
A.12.4.3
A.15.1.3
CM-5
CM-6
A.11.4.1
A 11.4.4
A.11.5.4
COBIT 4.1
IS-30
IS-31
DS5.10
IS-32
DS5.11
DS5.5
IS-33
IS-34
ISO/IEC 27001-2005
DS5.7
LG-02
02/12/2015
DS5.11
7 of 13
AC-5
AC-6
CM-7
SC-3
SC-19
ISO/IEC 27001:2005
Annex A.6.1.5
PL-4
PS-6
SA-9
A.6.2.3
A10.2.1
A.10.8.2
A.11.4.6
A.11.6.1
A.12.3.1
A.12.5.4
CA-3
MP-5
PS-7
SA-6
SA-7
SA-9
LG-01
FedRAMP
NIST SP800-53 R3 CM7_x000D_
NIST SP800-53 R3 CM-7
(1)_x000D_
NIST SP800-53 R3 MA3_x000D_
NIST SP800-53 R3 MA-3
(1)_x000D_
NIST SP800-53 R3 MA-3
(2)_x000D_
NIST SP800-53 R3 MA-3
(3)_x000D_
NIST SP800-53 R3 MA4_x000D_
NIST SP800-53 R3 MA-4
(1)_x000D_
NIST SP800-53 R3 MA-4
(2)_x000D_
NIST SP800-53 R3 MA5_x000D_
NIST
SP800-53 R3 SC20_x000D_
NIST SP800-53 R3 SC-20
(1)_x000D_
NIST SP800-53 R3 SC21_x000D_
SCNIST SP800-53 R3 AC22_x000D_
17_x000D_
SCNIST SP800-53 R3 AC-17
23_x000D_
(1)_x000D_
SCNIST SP800-53 R3 AC-17
24_x000D_
(2)_x000D_
NIST SP800-53 R3 AC-17
(3)_x000D_
NIST SP800-53 R3 AC-17
(4)_x000D_
NIST SP800-53 R3 AC-17
(5)_x000D_
NIST SP800-53 R3 AC-17
(7)_x000D_
NIST SP800-53 R3 AC-17
(8)_x000D_
NIST SP800-53 R3 AC18_x000D_
NIST SP800-53 R3 AC-18
(1)_x000D_
NIST SP800-53 R3 AC-18
(2)_x000D_
NIST SP800-53 R3 AC-18
(3)_x000D_
NIST SP800-53 R3 AC-18
(4)_x000D_
NIST SP800-53 R3 AC-18
(5)_x000D_
NIST SP800-53 R3 AC19_x000D_
NIST SP800-53 R3 AC-19
(1)_x000D_
NIST SP800-53 R3 AC-19
(2)_x000D_
NIST SP800-53 R3 AC-19
(3)_x000D_
NIST SP800-53
SP800-53 R3
R3 CMMPNIST
5_x000D_
NIST SP800-53 R3 CM-5
(1)_x000D_
NIST SP800-53 R3 CM-5
(5)_x000D_
NIST SP800-53 R3 CM6_x000D_
NIST SP800-53 R3 CM-6
(1)_x000D_
NIST SP800-53 R3 CM-6
(3)_x000D_
Utility programs capable of potentially overriding Proposed v1.1 control revision redacted until
system, object, network, virtual machine and
future revision due to potential mapping impact
application controls shall be restricted.
not yet considered:
Legal - Non-Disclosure
Agreements
NIST SP800-53 R3
C.2.6, G.9.9
Jericho Forum
Commandment #3
Commandment #4
Commandment #5
Commandment #6
Commandment #7
Commandment #8
C.2
8.2.2
8.2.5
Commandment #6
Commandment #7
Commandment #8
9.7
9.7.2
9.8
9.9
11.1
12.3
1.2.6
3.2.4
8.2.6
All
6.4.1
6.4.2
1.2.6
6.2.1
Commandment #6
Commandment #7
Commandment #9
Commandment #10
7.1.2
H.2.16
12.8.2
12.8.3
12.8.4
C.2.5
2.4
12.8.2
Commandment #1
Commandment #5
Commandment #6
Commandment #7
C.2
1.2.5
Commandment #6
Commandment #7
Commandment #8
Commandment #9
1.2.5
Commandment #1
Commandment #4
Commandment #5
Commandment #6
Commandment #7
Commandment #8
NERC CIP
CIP-007-3 - R2
CIP-007-3 - R7.1
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
DS13.1
Clause 5.1
A 8.1.1
A.8.2.1
A 8.2.2
A.10.1.1
CM-2
CM-3
CM-4
CM-5
CM-6
CM-9
MA-4
SA-3
SA-4
SA-5
SA-8
SA-10
SA-11
SA-12
DS 9
DS 13.1
Clause 4.3.3
A.10.7.4
CP-9
CP-10
SA-5
SA-10
SA-11
DS 3
A.10.3.1
SA-4
Operations
Management - Policy
OP-01
Operations
Management Documentation
OP-02
Operations
Management Capacity / Resource
Planning
OP-03
Operations
Management Equipment
Maintenance
OP-04
RI-01
Scope Applicability
Service
Provider
Tenant /
Consumer
COBIT 4.1
RI-02
FedRAMP
NIST SP800-53 R3 CM2_x000D_
NIST SP800-53 R3 CM-2
(1)_x000D_
NIST SP800-53 R3 CM-2
(3)_x000D_
NIST SP800-53 R3 CM-2
(5)_x000D_
NIST SP800-53 R3 CM3_x000D_
NIST SP800-53 R3 CM-3
(2)_x000D_
NIST SP800-53 R3 CM4_x000D_
NIST SP800-53 R3 CM5_x000D_
NIST SP800-53 R3 CM-5
(1)_x000D_
NIST SP800-53 R3 CM-5
(5)_x000D_
NIST SP800-53 R3 CM6_x000D_
NIST SP800-53 R3 CM-6
(1)_x000D_
NIST SP800-53 R3 CM-6
(3)_x000D_
NIST SP800-53 R3 CM9_x000D_
NIST SP800-53 R3 MA4_x000D_
NIST SP800-53 R3 MA-4
(1)_x000D_
NIST SP800-53 R3 MA-4
(2)_x000D_
NIST SP800-53 R3 SA3_x000D_
NIST
NIST SP800-53
SP800-53 R3
R3 SACP9_x000D_
NIST SP800-53 R3 CP-9
(1)_x000D_
NIST SP800-53 R3 CP-9
(3)_x000D_
NIST SP800-53 R3 CP10_x000D_
NIST SP800-53 R3 CP-10
(2)_x000D_
NIST SP800-53 R3 CP-10
(3)_x000D_
NIST SP800-53 R3 SA5_x000D_
NIST SP800-53 R3 SA-5
(1)_x000D_
NIST SP800-53 R3 SA-5
(3)_x000D_
NIST SP800-53 R3 SA10_x000D_
NIST SP800-53 R3 SA11_x000D_
NIST SP800-53 R3 SA-11
NIST SP800-53 R3 SA4_x000D_
NIST SP800-53 R3 SA-4
(1)_x000D_
NIST SP800-53 R3 SA-4
(4)_x000D_
NIST SP800-53 R3 SA-4
(7)_x000D_
NIST SP800-53 R3 MA2_x000D_
NIST SP800-53 R3 MA-2
(1)_x000D_
NIST SP800-53 R3 MA3_x000D_
NIST SP800-53 R3 MA-3
(1)_x000D_
NIST SP800-53 R3 MA-3
(2)_x000D_
NIST SP800-53 R3 MA-3
(3)_x000D_
NIST SP800-53 R3 MA4_x000D_
NIST SP800-53 R3 MA-4
(1)_x000D_
NIST SP800-53 R3 MA-4
(2)_x000D_
NIST SP800-53 R3 MA5_x000D_
NIST SP800-53
SP800-53 R3
R3 ACMANIST
4_x000D_
NIST SP800-53 R3 CA2_x000D_
NIST SP800-53 R3 CA-2
(1)_x000D_
NIST SP800-53 R3 CA6_x000D_
NIST SP800-53 R3 PM9_x000D_
RANIST SP800-53 R3 PL5_x000D_
NIST SP800-53 R3 RA2_x000D_
NIST SP800-53 R3 RA3_x000D_
A.9.2.4
MA-2
MA-3
MA-4
MA-5
MA-6
PO 9.1
AC-4
CA-2
CA-6
PM-9
RA-1
PO 9.4
PL-5
RA-2
RA-3
CA-5
CM-4
Clause 4.2.3
Clause 4.2.4
Clause 4.3.1
Clause 5
Clause 7
A.5.1.2
A.10.1.2
A.10.2.3
A.14.1.2
A.15.2.1
A.15.2.2
CP-2
RA-2
RA-3
RI-03
PO 9.5
RI-04
PO 9.6
02/12/2015
NIST SP800-53 R3
A13.3
ISO/IEC 27001-2005
8 of 13
Jericho Forum
12.1
12.2
12.3
12.4
G.1.1
8.2.1
Commandment #1
Commandment #2
Commandment #3
Commandment #6
Commandment #7
12.1
12.2
12.3
12.4
G.1.1
1.2.6
Commandment #1
Commandment #2
Commandment #4
Commandment #5
Commandment #11
G.5
1.2.4
Commandment #1
Commandment #2
Commandment #3
F.2.19
5.2.3
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.7
Commandment #2
Commandment #5
Commandment #11
NERC CIP
CIP-005-3a - R1.3
CIP-007-3 - R9
12.1.2
A.1, L.1
L.2
1.2.4
CIP-009-3 - R4
12.1.2
I.1
I.4
1.2.4
1.2.5
I.4
L.2
CIP-009-3 - R1.2
B.2
G.21
L.2
CIP-009-3 - R2
12.1.3
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
RI-05
RM-01
RM-02
RM-03
RM-04
02/12/2015
Tenant /
Consumer
X
Scope Applicability
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
FedRAMP
Jericho Forum
A.6.2.1
A.8.3.3
A.11.1.1
A.11.2.1
A.11.2.4
CA-3
MA-4
RA-3
12.8.1
12.8.2
12.8.3
12.8.4
A12
A16.1
A.6.1.4
A.6.2.1
A.12.1.1
A.12.4.1
A.12.4.2
A.12.4.3
A.12.5.5
A.15.1.3
A.15.1.4
CA-1
CM-1
CM-9
PL-1
PL-2
SA-1
SA-3
SA-4
6.3.2
1.2.6
Commandment #1
Commandment #2
Commandment #3
A.10.1.4
A.12.5.1
A.12.5.2
CA-1
CA-6
CA-7
CM-2
CM-3
CM-5
CM-6
CM-9
PL-2
PL-5
SI-2
SI-6
SI-7
1.1.1
6.3.2
6.4
6.1
1.2.6
Commandment #1
Commandment #2
Commandment #3
Commandment #11
A.6.1.3
A.10.1.1
A.10.1.4
A.10.3.2
A.12.1.1
A.12.2.1
A.12.2.2
A.12.2.3
A.12.2.4
A.12.4.1
A.12.4.2
A.12.4.3
A.12.5.1
A.12.5.2
A.12.5.3
A.12.6.1
A.13.1.2
A.15.2.1
A.15.2.2
CM-1
CM-2
SA-3
SA-4
SA-5
SA-8
SA-10
SA-11
SA-13
1.1.1
6.1
6.4
9.1.0
9.1.1
9.2.1
9.2.2
Commandment #1
Commandment #2
Commandment #3
A.6.1.8
A.6.2.1
A.6.2.3
A.10.1.4
A.10.2.1
A.10.2.2
A.10.2.3
A.10.3.2
A.12.1.1
A.12.2.1
A.12.2.2
A.12.2.3
A.12.2.4
A.12.4.1
A.12.4.2
A.12.4.3
A.12.5.1
A.12.5.2
A.12.5.3
A.12.5.5
A.12.6.1
A.13.1.2
A.15.2.1
A.15.2.2
SA-4
SA-5
SA-8
SA-9
SA-10
SA-11
SA-12
SA-13
3.6.7
6.4.5.2
7.1.3
8.5.1
9.1
9.1.2
9.2b
9.3.1
10.5.2
11.5
12.3.1
12.3.3
A16.1
A17.6
PO 8.1
9 of 13
B.1
H.2
DS 2.3
C.2
I.1
I.2
I.4
NERC CIP
7.1.1
7.1.2
7.2.1
7.2.2
7.2.3
7.2.4
CIP-003-3 - R6
Commandment #1
Commandment #2
Commandment #3
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Data
RM-05
RS-01
Resiliency - Impact
Analysis
RS-02
Resiliency - Business
Continuity Planning
RS-03
Resiliency - Business
Continuity Testing
RS-04
RS-05
02/12/2015
Scope Applicability
Tenant /
Consumer
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
FedRAMP
NIST SP800-53 R3 CM1_x000D_
NIST SP800-53 R3 CM2_x000D_
NIST SP800-53 R3 CM-2
(1)_x000D_
NIST SP800-53 R3 CM-2
(3)_x000D_
NIST SP800-53 R3 CM-2
(5)_x000D_
NIST SP800-53 R3 CM3_x000D_
NIST SP800-53 R3 CM-3
(2)_x000D_
NIST SP800-53 R3 CM5_x000D_
NIST SP800-53 R3 CM-5
(1)_x000D_
NIST SP800-53 R3 CM-5
(5)_x000D_
NIST SP800-53 R3 CM7_x000D_
NIST SP800-53 R3 CM-7
(1)_x000D_
NIST SP800-53 R3 CM8_x000D_
NIST SP800-53 R3 CM-8
(1)_x000D_
NIST SP800-53 R3 CM-8
(3)_x000D_
NIST SP800-53 R3 CM-8
(5)_x000D_
NIST SP800-53 R3 CM9_x000D_
NIST SP800-53 R3 SA6_x000D_
NIST
NIST SP800-53
SP800-53 R3
R3 SACP1_x000D_
NIST SP800-53 R3 CP2_x000D_
NIST SP800-53 R3 CP-2
(1)_x000D_
NIST SP800-53 R3 CP-2
(2)_x000D_
A.10.1.3
A.10.4.1
A.11.5.4
A.11.6.1
A.12.4.1
A.12.5.3
CM-1
CM-2
CM-3
CM-5
CM-7
CM-8
CM-9
SA-6
SA-7
SI-1
SI-3
SI-4
SI-7
Clause 4.3.2
A.14.1.1
A 14.1.4
CP-1
CP-2
ISO/IEC 27001:2005
A.14.1.2
A 14.1.4
RA-3
Clause 5.1
A.6.1.2
A.14.1.3
A.14.1.4
CP-1
CP-2
CP-3
CP-4
CP-6
CP-7
CP-8
CP-9
CP-10
PE-17
A.14.1.5
CP-2
CP-3
CP-4
A.9.1.4
A.9.2.1
PE-1
PE-13
PE-14
PE-15
PE-18
PO 9.1
PO 9.2
DS 4.2
10 of 13
12.9.1
Jericho Forum
Commandment #1
Commandment #2
Commandment #3
K.2
Commandment #1
Commandment #2
Commandment #3
12.9.1
12.9.3
12.9.4
12.9.6
Commandment #1
Commandment #2
Commandment #3
12.9.2
Commandment #1
Commandment #2
Commandment #3
F.1
8.2.4
NERC CIP
Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #11
Commandment #1
Commandment #2
Commandment #3
CIP-004-3 R3.2
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Resiliency - Equipment
Location
RS-06
Resiliency - Equipment
Power Failures
RS-07
Resiliency - Power /
Telecommunications
RS-08
Data
X
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
A.9.2.1
PE-1
PE-5
PE-14
PE-15
PE-18
A.9.2.2
A.9.2.3
A 9.2.4
CP-8
PE-1
PE-9
PE-10
PE-11
PE-12
PE-13
PE-14
A.9.2.2
A.9.2.3
PE-1
PE-4
PE-13
A.6.2.1
A.6.2.2
A.11.1.1
CA-1
CA-2
CA-5
CA-6
A.8.3.3
A.11.1.1
A.11.2.1
A.11.2.3
A.11.2.4
A.11.5.5
AC-1
AC-2
AC-3
AC-11
AU-2
AU-11
IA-1
IA-2
IA-5
IA-6
IA-8
SC-10
DS5.11
A.10.8.1
A.10.8.2
A.11.1.1
A.11.6.1
A.11.4.6
A.12.3.1
A.12.5.4
A.15.1.4
AC-1
AC-4
SC-1
SC-16
AI2.4
45 CFR 164.312(e)(2)(i)
A.11.5.6
A.11.6.1
A.12.2.1
A.12.2.2
A.12.2.3
A.12.2.4
A.12.5.2
A.12.5.4
A.12.5.5
A.12.6.1
A.15.2.1
A.10.9.2
A.10.9.3
A.12.2.1
A.12.2.2
A.12.2.3
A.12.2.4
A.12.6.1
A.15.2.1
SC-2
SC-3
SC-4
SC-5
SC-6
SC-7
SC-8
SC-9
SC-10
SC-11
SC-12
SC-13
SC-14
SC-17
SC-18
SC-20
SC-21
SC-22
SI-10
SC-23
SI-11
SI-2
SI-3
SI-4
SI-6
SI-7
SI-9
SA-01
SA-02
SA-03
SA-04
X`
SA-05
SA-06
02/12/2015
Scope Applicability
Tenant /
Consumer
DS5.3
DS5.4
45 CFR 164.308(a)(5)(ii)(c)
45 CFR 164.308 (a)(5)(ii)(D)
45 CFR 164.312 (a)(2)(i)
45 CFR 164.312 (a)(2)(iii)
45 CFR 164.312 (d)
A.10.1.4
A.10.3.2
A.11.1.1
A.12.5.1
A.12.5.2
A.12.5.3
DS5.7
11 of 13
SC-2
FedRAMP
NIST SP800-53 R3 PE1_x000D_
NIST SP800-53 R3 PE5_x000D_
NIST SP800-53 R3 PE14_x000D_
NIST SP800-53 R3 PE-14
(1)_x000D_
NIST SP800-53 R3 PENIST SP800-53 R3 CP8_x000D_
NIST SP800-53 R3 CP-8
(1)_x000D_
NIST SP800-53 R3 CP-8
(2)_x000D_
NIST SP800-53 R3 PE1_x000D_
NIST SP800-53 R3 PE9_x000D_
NIST SP800-53 R3 PE10_x000D_
NIST SP800-53 R3 PE11_x000D_
NIST SP800-53 R3 PE-11
(1)_x000D_
NIST SP800-53 R3 PE12_x000D_
NIST SP800-53 R3 PE13_x000D_
NIST SP800-53 R3 PE-13
(1)_x000D_
NIST SP800-53 R3 PE-13
(2)_x000D_
NIST SP800-53 R3 PE-13
(3)_x000D_
NIST SP800-53 R3 PE1_x000D_
NIST SP800-53 R3 PE4_x000D_
NIST SP800-53 R3 PE13_x000D_
NIST SP800-53 R3 PE-13
(1)_x000D_
NIST SP800-53 R3 PE-13
(2)_x000D_
NIST SP800-53 R3 PE-13
(3)_x000D_
Jericho Forum
F.1
Commandment #1
Commandment #2
Commandment #3
F.1
Commandment #1
Commandment #2
Commandment #3
F.1
Commandment #1
Commandment #2
Commandment #3
Commandment #4
Commandment #9
Commandment #11
1.2.2
1.2.6
6.2.1
6.2.2
NERC CIP
Commandment #6
Commandment #7
Commandment #8
8.1
8.2,
8.3
8.4
8.5
10.1,
12.2,
12.3.8
Commandment #6
Commandment #7
Commandment #8
Commandment #9
CIP-004-3 R2.2.3
CIP-007-3 - R5.2 - R5.3.1 R5.3.2 - R5.3.3
2.3
3.4.1
4.1
4.1.1
6.1
6.3.2a
6.5c
8.3
10.5.5
11.5
1.1.0
1.2.2
1.2.6
4.2.3
5.2.1
7.1.2
7.2.1
7.2.2
7.2.3
7.2.4
8.2.1
8.2.2
8.2.3
8.2.5
9.2.1
All
6.5
G.16.3, I.3
I.4
1.2.6
Commandment #1
Commandment #2
Commandment #4
Commandment #5
Commandment #11
CIP-007-3 - R5.1
6.3.1
6.3.2
G.16.3, I.3
I.4
1.2.6
Commandment #1
Commandment #9
Commandment #11
CIP-003-3 - R4.2
6.4.1
6.4.2
B.1
1.2.6
Commandment #1
Commandment #10
Commandment #11
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
SA-07
Supplier Relationship
Tenant /
Consumer
Scope Applicability
Network
Compute
Storage
App
Data
SaaS
PaaS
IaaS
Service
Provider
A.11.1.1
A.11.4.1
A.11.4.2
A.11.4.6
A.11.7.1
AC-17
AC-20
IA-1
IA-2
MA-4
A.10.6.1
A.10.6.2
A.10.9.1
A.10.10.2
A.11.4.1
A.11.4.5
A.11.4.6
A.11.4.7
A.15.1.4
SC-7
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
SA-08
SA-09
DS5.10
A.11.4.5
A.11.6.1
A.11.6.2
A.15.1.4
AC-4
SC-2
SC-3
SC-7
SA-10
DS5.5
DS5.7
DS5.8
DS5.10
A.7.1.1
A.7.1.2
A.7.1.3
A.9.2.1
A.9.2.4
A.10.6.1
A.10.6.2
A.10.8.1
A.10.8.3
A.10.8.5
A.10.10.2
A.11.2.1
A.11.4.3
A.11.4.5
A.11.4.6
A.11.4.7
A.12.3.1
A.12.3.2
AC-1
AC-18
CM-6
PE-4
SC-3
SC-7
SA-11
A.10.8.1
A.11.1.1
A.11.6.2
A.11.4.6
PE-4
SC-4
SC-7
02/12/2015
12 of 13
FedRAMP
Jericho Forum
NERC CIP
8.3
B.1
8.2.2
Commandment #6
Commandment #7
Commandment #8
CIP-004-3 R3.1
1.1
1.1.2
1.1.3
1.1.5
1.1.6
1.2
1.2.1
2.2.2
2.2.3
G.2
G.4
G.15
G.16
G.17
G.18
I.3
8.2.5
Commandment #1
Commandment #2
Commandment #3
Commandment #9
Commandment #10
Commandment #11
CIP-004-3 R2.2.4
1.1
1.2
1.2.1
1.3
1.4
G.17
Commandment #1
Commandment #2
Commandment #3
Commandment #9
Commandment #10
Commandment #11
CIP-004-3 R3
1.2.3
2.1.1
4.1
4.1.1
11.1
9.1.3
D.1
B.3
F.1
G.4
G.15
G.17
G.18
8.2.5
Commandment #1
Commandment #2
Commandment #3
Commandment #4
Commandment #5
Commandment #9
Commandment #10
Commandment #11
CIP-004-3 R3
CIP-007-3 - R6.1
1.3.5
2.4
B.1
8.2.5
Commandment #5
Commandment #6
Commandment #7
Commandment #9
Commandment #10
Commandment #11
CIP-004-3 R3 - R3.2
Control ID
Control Specification
Corp Gov
Relevance
Control Notes
Phys
Network
Compute
Storage
App
Data
SA-12
SA-13
SA-14
SA-15
Supplier Relationship
SaaS
PaaS
IaaS
Service
Provider
Scope Applicability
Tenant /
Consumer
COBIT 4.1
ISO/IEC 27001-2005
NIST SP800-53 R3
FedRAMP
DS5.7
A.10.10.1
A.10.10.6
AU-1
AU-8
DS5.7
A.11.4.3
IA-3
IA-4
A.10.10.1
A.10.10.2
A.10.10.3
A.10.10.4
A.10.10.5
A.11.2.2
A.11.5.4
A.11.6.1
A.13.1.1
A.13.2.3
A.15.2.2
A.15.1.3
AU-1
AU-2
AU-3
AU-4
AU-5
AU-6
AU-7
AU-9
AU-11
AU-12
AU-14
SI-4
A.10.4.2
A.12.2.2
SC-18
DS5.5
DS5.6
DS9.2
10.1
10.2
10.3
10.5
10.6
10.7
11.4
12.5.2
12.9.5
G.7
G.8
D.1.1, D.1.3
D.1
G.20.12, I.2.5
Jericho Forum
NERC CIP
Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #8
8.2.1
8.2.2
Commandment #6
Commandment #7
Commandment #11
CIP-007-3 - R6.5
Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #11
Copyright 2011 Cloud Security Alliance. All rights reserved. You may download,
store, display on your computer, view, print, and link to the Cloud Security Alliance
Cloud Controls Matrix (CCM) at http://www.cloudsecurityalliance.org subject to the
following: (a) the Cloud Controls Matrix may be used solely for your personal,
informational, non-commercial use; (b) the Cloud Controls Matrix may not be
modified or altered in any way; (c) the Cloud Controls Matrix may not be
redistributed; and (d) the trademark, copyright or other notices may not be removed.
You may quote portions of the Cloud Controls Matrix as permitted by the Fair Use
provisions of the United States Copyright Act, provided that you attribute the portions
to the Cloud Security Alliance Cloud Controls Matrix Version 1.2 (2011). If you are
interested in obtaining a license to this material for other usages not addresses in
the copyright notice, please contact info@cloudsecurityalliance.org.
QA by the HISPI
08/20/1011
02/12/2015
13 of 13