Filter

Infrastructure and Virtualization Security (IVS)

Level N/A

Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls.


Login

Infrastructure and Virtualization Security (IVS)

Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline.


Login

Infrastructure and Virtualization Security (IVS)

Separate production and non-production environments.


Login

Infrastructure and Virtualization Security (IVS)

Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants.


Login

Infrastructure and Virtualization Security (IVS)

Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols.


Login

Infrastructure and Virtualization Security (IVS)

Identify and document high-risk environments.


Login

Infrastructure and Virtualization Security (IVS)

Level N/A

Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.


Login

Logging and Monitoring (LOG)

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually.


Login

Logging and Monitoring (LOG)

Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs.


Login

Logging and Monitoring (LOG)

Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics.


Login