Monday, August 16, 2010

CloudAudit Delivers – Cloud Compliance Maps

CloudAudit delivers it’s first batch of cloud compliance specifications. Quoting from the announcement:

“The CloudAudit initial distribution features five elements:

1) The CloudAudit normative specification in .txt format [cloudaudit-specification_draft.txt]
2) The CloudAudit CompliancePacks archive of .xls files which map controls/control objectives to namespaces based upon the Cloud Security Alliance Control Matrix []
3) The CloudAudit namespaces archive which represents a complete CloudAudit directory tree representation of all CompliancePacks    with placeholder index.html/manifest.xml created in each directory stub []
4) The CloudAudit Python script pack which automates the creation of the CloudAudit namespaces above  []
5) A README.txt file [this content]”


“The CompliancePacks map control objectives to specific namespace entities which are contained below and feature NIST SP800-53, PCI DSS, HIPAA, ISO27002 and COBIT compliance frameworks.  Ultimately these directories are where a Cloud Provider will store and secure the assertions and supporting materials related to each compliance framework or assertion.” [<- the bold part is kinda the whole point :-) A.C.]

Grab the mammoth itself here [ZIP].


Dr Anton Chuvakin