PM-02 CloudGovCo
  • Sets security, data retention, gateway, and routing strategies and policies so delivery teams have the information they need to enable control over the cloud environment as it grows.
  • Includes taxonomy and naming conventions as part of the metrics, monitoring, and chargeback implementation to provide graphical dashboards with near real-time information.
  • Identifies a network connectivity strategy for cloud services.
  • Outlines cloud components (services/features) that will be used.
  • Defines security controls (native vs. third-party tools).[1] [2] [3]
  • Defines data security and retention policies (encryption, backups, snapshots, third-party tools).
  • Creates and works toward an automated deployment process to reduce the impact of human error and to introduce portability.
  • Creates a Cloud Operational Playbook.
  • Outlines a monitoring strategy.
  • Outlines a logging strategy that validates that the logging system can manage the required amount of information.
  • Creates a strategy for resource tracking as part of the implementation architecture, ensuring that resources are appropriately tagged at the time of deployment. This can also be extended into tagging for cost allocation.
  • Chooses a strategy to organize application environments so they do not develop in an ad hoc

[1] AWS CAF Security Perspective

[2] NIST 800-53

[3] NIST 800-160 System Security Engineering