| Control | Status | |
|---|---|---|
| Cloud Services | Mechanisms exist to facilitate the implementation of cloud management controls to ensure cloud instances are secure and in-line with industry practices. | |
| Cloud Security Architecture | Mechanisms exist to ensure the cloud security architecture supports the organization's technology strategy to securely design, configure and maintain cloud employments. | |
| Application & Program Interface (API) Security | Mechanisms exist to ensure support for secure interoperability between components with Application & Program Interfaces (APIs). | |
| Multi-Tenant Environments | Mechanisms exist to ensure multi-tenant owned or managed assets (physical and virtual) are designed and governed such that provider and customer (tenant) user access is appropriately segmented from other tenant users. | |
| Customer Responsibility Matrix (CRM) | Mechanisms exist to formally document a Customer Responsibility Matrix (CRM), delineating assigned responsibilities for controls between the Cloud Service Provider (CSP) and its customers. | |
| Geolocation Requirements for Processing, Storage and Service Locations | Mechanisms exist to control the location of cloud processing/storage based on business requirements that include statutory, regulatory and contractual obligations. | |
| Cloud Access Security Broker (CASB) | Mechanisms exist to utilize a Cloud Access Security Broker (CASB), or similar technology, to provide boundary protection and monitoring functions that both provide access to the cloud and protect the organization from misuse of cloud resources. | |