SM-04

SM-04 150 150 CloudGovCo
  • Periodically assesses risk and Identifies Cloud Risks and security concerns.
  • Develops a Cloud Security Plan for the cloud.
  • Establishes a security management structure and clearly assigns security responsibilities.
  • Implements effective security related personnel policies.
  • Monitors the security program’s effectiveness and makes changes as necessary.
  • Ensures the security program is documented so it can be audited.
  • Develops the principles of Right Cloud Choice.
  • Develops and maintains criteria for Data Classification.
  • Maintains and controls the use of third-party libraries.