SM-05 150 150 CloudGovCo
  • Develops robust security operations capabilities that continuously mature and improve.
  • Segments cloud applications by putting each application in its own VPC (Virtual Private Cloud) to dramatically lower the blast radius of any single breach.
  • Practices the principles of Security in Design.
  • Practices the principles of Privacy in Design.
  • Complies with the EU General Data Protection Regulation (GDPR).
  • Classifies data in the Business Case using the Data Classification.
  • Determines in the Business Case the Right Cloud Choice based on the Data Classification.
  • Conducts a Threat Risk Assessment.
  • Conducts a Privacy Impact Assessment.
  • Conducts a Vulnerability Assessment.
  • Conducts a CSA STAR (Security, Trust, Assurance and Risk) audit.
  • Bakes security controls in cloud templates.
  • Binds configurations-as-code (CaC), including security, governance, compliance and database configurations and testing scripts, to the application code tree so they are versioned and reviewed with the application.
  • Bakes cost controls in cloud templates.
  • Implements REST API security in application development.
  • Encrypts data in transit and at rest.
  • Ensures the implementation and maintenance of NIST SP 800-53 security and privacy control families at the organizational level (AC, AT, AU, CA, CM, CP, IA, IR, MA, PL, PS, RA, SA, SC, SI); for IaaS and PaaS (AC, AU, CM, CP, IA, MA, SC, SI); and for SaaS (AC, AU, IA, SC, SI).
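The per-application VPC segmentation and the encryption requirements in the list above are the kind of controls that can be enforced as a testing script bound to the application code tree. The following is an added example written for this page, not CloudGovCo's own tooling: it runs a policy-as-code check over a constructed cloud resource inventory (the application names, VPC identifiers and flags are hypothetical) and reports any VPC shared by more than one application, any store that is not encrypted at rest, and any endpoint that still accepts non-TLS traffic.

```python
"""Policy-as-code check for two of the listed controls.

Added example for this page; not the organization's own code.
The inventory below is constructed and every identifier in it is hypothetical.
A real run would build the same records from a cloud asset inventory or
infrastructure-as-code state rather than from literals.
"""
from collections import defaultdict

# Constructed inventory: one record per cloud resource.
# encrypted_at_rest: storage-level encryption enabled
# tls_only: the resource refuses plaintext connections
INVENTORY = [
    {"app": "payments", "vpc": "vpc-0a1", "type": "db",
     "encrypted_at_rest": True, "tls_only": True},
    {"app": "payments", "vpc": "vpc-0a1", "type": "api",
     "encrypted_at_rest": True, "tls_only": True},
    # Violations: shares the payments VPC and is not encrypted at rest.
    {"app": "reporting", "vpc": "vpc-0a1", "type": "db",
     "encrypted_at_rest": False, "tls_only": True},
    # Violation: accepts plaintext traffic.
    {"app": "hr-portal", "vpc": "vpc-0b2", "type": "api",
     "encrypted_at_rest": True, "tls_only": False},
]


def vpc_sharing_violations(inventory):
    """Return {vpc_id: [apps]} for every VPC hosting more than one application.

    The control is "one application per VPC", so a VPC with two or more
    distinct applications widens the blast radius and is reported.
    """
    apps_by_vpc = defaultdict(set)
    for record in inventory:
        apps_by_vpc[record["vpc"]].add(record["app"])
    return {vpc: sorted(apps)
            for vpc, apps in apps_by_vpc.items() if len(apps) > 1}


def encryption_violations(inventory):
    """Return (app, type, reason) tuples for resources missing encryption
    at rest or allowing non-TLS traffic, in inventory order."""
    findings = []
    for record in inventory:
        if not record["encrypted_at_rest"]:
            findings.append((record["app"], record["type"],
                             "not encrypted at rest"))
        if not record["tls_only"]:
            findings.append((record["app"], record["type"],
                             "accepts non-TLS traffic"))
    return findings


def evaluate(inventory):
    """Run all checks and return a report plus a pass/fail verdict,
    so the script can gate a pipeline (non-zero exit on failure)."""
    shared = vpc_sharing_violations(inventory)
    enc = encryption_violations(inventory)
    return {"shared_vpcs": shared, "encryption": enc,
            "passed": not shared and not enc}


if __name__ == "__main__":
    import sys
    report = evaluate(INVENTORY)
    for vpc, apps in report["shared_vpcs"].items():
        print(f"FAIL segmentation: {vpc} hosts {', '.join(apps)}")
    for app, rtype, reason in report["encryption"]:
        print(f"FAIL encryption: {app}/{rtype} {reason}")
    print("PASS" if report["passed"] else "FAIL")
    sys.exit(0 if report["passed"] else 1)
```

Because `evaluate` returns a structured report and the script exits non-zero on any finding, it can be committed beside the cloud templates and run in the same pipeline that deploys them, which is what binding test scripts to the application code tree buys: a control drift in a template fails the build before it reaches the account.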