Infrastructure and Virtualization Security Policy and Procedures from Cloud Controls Matrix framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Audit and Assurance
Application and Interface Security
Business Continuity Management and Operational Resilience
Change Management Policy and Procedures
People
Datacenter Security
Data Security and Privacy Lifecycle Management
Governance, Risk and Compliance
Human Resources
Identity and Access Management
Interoperability and Portability
Infrastructure and Virtualization Security
Logging and Monitoring
Security Incident Management, E-Discovery, and Cloud Forensics
Supply Chain Management, Transparency, and Accountability
Threat and Vulnerability Management
Universal Endpoint Management

IVS-01: Infrastructure and Virtualization Security Policy and Procedures

Infrastructure and Virtualization Security Policy and Procedures

IVS-01: Are infrastructure and virtualization security policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?

Infrastructure Virtualization Security Policy and Procedures should include, but are not limited to:
a. Governance and control VM lifecycle management.
b. Storage restriction of VM images and snapshots.
c. Backup and failover systems.
d. Tagging for the VM based on sensitivity / risk level.
e. A formal change management process for creation, storage, and use of VM images. Approve changes only when necessary.
f. Consistent security policy and configuration across the physical/virtual network.
g. Implementation of security technologies that span physical and virtual environments with a consistent policy management and enforcement framework.
To implement security technologies that span physical and virtual environments with a consistent policy management and enforcement framework.
h. Firewalls, whether physical or virtual, to isolate groups of VMs from other hosted groups.
i. Design and implementation access from each trust level to physical and virtual management and security systems.

Description

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually.

Infrastructure and Virtualization Security Policy and Procedures

IVS-01: Are infrastructure and virtualization security policies and procedures reviewed and updated at least annually?