CCSP - ISO & NIST Standards

ISO/IEC 17788:2014

Information technology — Cloud computing — Overview and vocabulary

ISO/IEC 27017:2015

Provides a set of standards for not only providing cloud services, but how cloud customer information and privacy should be controlled

ISO 27018:2014

Privacy aspects of cloud computing for consumers

ISO/IEC 27034-1

Standards for Secure Application Development

ISO/IEC 27037:2012

Guide for collecting, identifying, and preserving electronic evidence

ISO/IEC 27041:2015

Guide for incident investigations

ISO/IEC 27042: 2015

Guide for digital evidence analysis

ISO/IEC 27043:2015

Incident investigation principles and processes

ISO/IEC 27050

Overview and principles for eDiscovery

ISO/IEC 27001

Information Security Management Systems (ISMSs)

ISO 28000:2007

Defines a set of security management requirements, including those that must be applied to all parties within a supply chain

ISO 31000:2009

Risk Management Frameworks

NIST 800-145

Cloud Computing Definition

NIST SP 800-37

Guide for Implementing the Risk Management Framework

NIST SP 800-53

A NIST publication written to ensure that appropriate security requirements and security controls are applied to all U.S. federal government information and information management systems.

ISO 27001:2013 A.5

Security Policy Management

ISO 27001:2013 A.6

Corporate Security Management

ISO 27001:2013 A.7

Personnel Security Management

ISO 27001:2013 A.8

Organizational Asset Management

ISO 27001:2013 A.9

Information Access Management

ISO 27001:2013 A.10

Cryptography Policy Management

ISO 27001:2013 A.11

Physical Security Management

ISO 27001:2013 A.12

Operational Security Management

ISO 27001:2013 A.13

Network Security Management

ISO 27001:2013 A.14

System Security Management

ISO 27001:2013 A.15

Supplier Relationship Management

ISO 27001:2013 A.16

Security Incident Management

ISO 27001:2013 A.17

Security Continuity Management

ISO 27001:2013 A.18

Security Compliance Management