Additional Cloud Controls
Controls unique to cloud environments (CLD.* clauses).
Shared roles and responsibilities within a cloud computing environment
Define and document the shared security responsibilities between the cloud customer and the cloud service provider.
Removal of cloud service customer assets
Customer assets must be removed and returned within agreed timeframes when the cloud service contract terminates.
Segregation in virtual computing environments
A customer's virtual environment running on cloud infrastructure must be segregated from other customers and the provider.
Virtual machine hardening
Virtual machines should be hardened to meet business needs.
Administrator's operational security
Procedures for administrative operations of a cloud service should be defined, documented, and monitored.
Monitoring of cloud services
The customer should have the capability to monitor specified aspects of the operation of the cloud services it uses.
Alignment of security management for virtual and physical networks
Configuration of virtual networks should be aligned with the information security policy of the physical network.