,,CLOUDCONTROLSMATRIXVERSION4.0云控制矩陣v4,,,,,,,,,,,,,,,,,,,,,,,

,,,,,,,,"TypicalControlApplicabilityandOwnership

(CSP-Owned,CSC-Owned,Shared)

典型控制項(xiàng)的應(yīng)用性和所有權(quán)

(云服務(wù)提供商所有，云服務(wù)客戶所有，共享)",,,"ArchitecturalRelevance-CloudStackComponents

架構(gòu)相關(guān)性-云棧組件",,,,,,"OrganizationalRelevance

組織相關(guān)性",,,,,,,,

ControlDomain,控制域,"ControlTitle

控制措施名稱",,"ControlID

控制措施編號(hào)","UpdatedControlSpecification

更新的控制措施規(guī)范",,翻譯備注,"IaaS

基礎(chǔ)架構(gòu)即服務(wù)","PaaS

平臺(tái)即服務(wù)","SaaS

軟件即服務(wù)","Phys

物理","Network

網(wǎng)絡(luò)","Compute

計(jì)算","Storage

存儲(chǔ)","App

應(yīng)用","Data

數(shù)據(jù)","Cybersecurity

網(wǎng)絡(luò)安全","InternalAudit

內(nèi)審","ArchitectureTeam

架構(gòu)團(tuán)隊(duì)","SWDevelopment

軟件開(kāi)發(fā)","Operations

運(yùn)營(yíng)","Legal/Privacy

法律/隱私","GRCTeam

GRC團(tuán)隊(duì)","SupplyChainManagement

供應(yīng)鏈管理","HR

人力資源"

Audit&Assurance-A&A審計(jì)&保障,,,,,,,,,,,,,,,,,,,,,,,,,

Audit&Assurance,審計(jì)&保障,"AuditandAssurancePolicyandProcedures

審計(jì)與保障策略及規(guī)程",,A&A-01,"Establish,document,approve,communicate,apply,evaluateandmaintainauditandassurancepoliciesandproceduresandstandards.Reviewandupdatethepoliciesandproceduresatleastannually.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)審計(jì)和保障策略、規(guī)程和標(biāo)準(zhǔn)。至少每年一次審查和更新公司的策略和規(guī)程。",,"policy政策-->策略

procedure流程-->規(guī)程

procedure程序-->規(guī)程

apply申請(qǐng)-->應(yīng)用",Shared,Shared,Shared,TRUE,FALSE,FALSE,FALSE,TRUE,TRUE,FALSE,FALSE,FALSE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE

Audit&Assurance,審計(jì)&保障,"IndependentAssessments

獨(dú)立評(píng)估",,A&A-02,"Conductindependentauditandassuranceassessmentsaccordingtorelevantstandardsatleastannually.

每年至少一次，根據(jù)相關(guān)標(biāo)準(zhǔn)進(jìn)行獨(dú)立審計(jì)和保障評(píng)估",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

Audit&Assurance,審計(jì)&保障,"RiskBasedPlanningAssessment

基于風(fēng)險(xiǎn)的規(guī)劃評(píng)估",,A&A-03,"Performindependentauditandassuranceassessmentsaccordingtorisk-basedplansandpolicies.

根據(jù)基于風(fēng)險(xiǎn)的規(guī)劃和策略執(zhí)行獨(dú)立的審計(jì)和保證評(píng)估",,policy政策-->策略,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

Audit&Assurance,審計(jì)&保障,"

RequirementsCompliance

需求合規(guī)",,A&A-04,"Verifycompliancewithallrelevantstandards,regulations,legal/contractual,andstatutoryrequirementsapplicabletotheaudit.

對(duì)所有適用于審計(jì)的相關(guān)標(biāo)準(zhǔn)、法規(guī)、法律/合同和法定要求驗(yàn)證合規(guī)",,audit審核-->審計(jì),Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,FALSE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

Audit&Assurance,審計(jì)&保障,"AuditManagementProcess

審計(jì)管理流程",,A&A-05,"DefineandimplementanAuditManagementprocesstosupportauditplanning,riskanalysis,securitycontrolassessment,conclusion,remediationschedules,reportgeneration,andreviewofpastreportsandsupportingevidence.

定義和實(shí)施審計(jì)管理流程，以支持審計(jì)計(jì)劃、風(fēng)險(xiǎn)分析、安全控制評(píng)估、結(jié)論、修復(fù)計(jì)劃、報(bào)告生成，以及對(duì)過(guò)去報(bào)告和相關(guān)證據(jù)的審查。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

Audit&Assurance,審計(jì)&保障,"Remediation

修復(fù)措施",,A&A-06,"Establish,document,approve,communicate,apply,evaluateandmaintainarisk-basedcorrectiveactionplantoremediateauditfindings,reviewandreportremediationstatustorelevantstakeholders.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)基于風(fēng)險(xiǎn)的糾正行動(dòng)計(jì)劃，以修復(fù)審計(jì)發(fā)現(xiàn)，審查并向相關(guān)利益相關(guān)者報(bào)告修復(fù)措施狀況。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,FALSE,TRUE,FALSE

Application&InterfaceSecurity-AIS應(yīng)用程序和接口安全,,,,,,,,,,,,,,,,,,,,,,,,,

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"ApplicationandInterfaceSecurityPolicyandProcedures

應(yīng)用程序和接口安全策略和規(guī)程",,AIS-01,"Establish,document,approve,communicate,apply,evaluateandmaintainpoliciesandproceduresforapplicationsecuritytoprovideguidancetotheappropriateplanning,deliveryandsupportoftheorganization'sapplicationsecuritycapabilities.Reviewandupdatethepoliciesandproceduresatleastannually.

建立、記錄、批準(zhǔn)、溝通、申請(qǐng)、評(píng)估和維護(hù)應(yīng)用程序安全策略和規(guī)程，為組織的應(yīng)用程序安全能力的適當(dāng)規(guī)劃、交付和支持提供指導(dǎo)。每年至少一次審查和更新公司的策略和規(guī)程。",,"policy政策-->策略

procedure程序-->規(guī)程

apply申請(qǐng)-->應(yīng)用（York0321）",Shared,CSC-Owned,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"ApplicationSecurityBaselineRequirements

應(yīng)用程序安全基線需求",,AIS-02,"Establish,documentandmaintainbaselinerequirementsforsecuringdifferentapplications.

建立、記錄和維護(hù)保護(hù)不同應(yīng)用程序的基線要求。",,baseline基本-->基線,Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"ApplicationSecurityMetrics

應(yīng)用程序安全指標(biāo)",,AIS-03,"Defineandimplementtechnicalandoperationalmetricsinalignmentwithbusinessobjectives,securityrequirements,andcomplianceobligations.

根據(jù)業(yè)務(wù)目標(biāo)、安全需求和合規(guī)義務(wù)，定義和實(shí)施技術(shù)和運(yùn)營(yíng)的指標(biāo)。",,,Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"SecureApplicationDesignandDevelopment

應(yīng)用程序安全設(shè)計(jì)和安全開(kāi)發(fā)",,AIS-04,"DefineandimplementaSDLCprocessforapplicationdesign,development,deployment,andoperationinaccordancewithsecurityrequirementsdefinedbytheorganization.

根據(jù)組織定義的安全需求，定義并實(shí)施應(yīng)用程序設(shè)計(jì)、開(kāi)發(fā)、部署和運(yùn)營(yíng)的SDLC流程",,,Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,TRUE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"AutomatedApplicationSecurityTesting

自動(dòng)化應(yīng)用程序安全測(cè)試",,AIS-05,"Implementatestingstrategy,includingcriteriaforacceptanceofnewinformationsystems,upgradesandnewversions,whichprovidesapplicationsecurityassuranceandmaintainscompliancewhileenablingorganizationalspeedofdeliverygoals.Automatewhenapplicableandpossible.

實(shí)施一個(gè)測(cè)試戰(zhàn)略，包括新的信息系統(tǒng)、升級(jí)和新版本的接受準(zhǔn)則，這提供了應(yīng)用程序的安全保障，并在實(shí)現(xiàn)組織交付速度目標(biāo)的同時(shí)保持符合性。在適用和可能的情況下，自動(dòng)化。",,strategy策略-->戰(zhàn)略（York0321為了和policy區(qū)分，此處永戰(zhàn)略，對(duì)應(yīng)戰(zhàn)術(shù)Tactics）,Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"AutomatedSecureApplicationDeployment

自動(dòng)化應(yīng)用程序安全部署",,AIS-06,"Establishandimplementstrategiesandcapabilitiesforsecure,standardized,andcompliantapplicationdeployment.Automatewherepossible.

為安全、標(biāo)準(zhǔn)化和兼容的應(yīng)用程序部署建立和實(shí)施戰(zhàn)略和能力。盡可能自動(dòng)化。",,strategy策略-->戰(zhàn)略（York0321為了和policy區(qū)分，此處永戰(zhàn)略，對(duì)應(yīng)戰(zhàn)術(shù)Tactics）,Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE

Application&InterfaceSecurity,應(yīng)用程序和接口安全,"ApplicationVulnerabilityRemediation

應(yīng)用程序脆弱性修復(fù)措施",,AIS-07,"Defineandimplementaprocesstoremediateapplicationsecurityvulnerabilities,automatingremediationwhenpossible.

定義并實(shí)施修復(fù)應(yīng)用程序安全脆弱性的過(guò)程，并在可能時(shí)自動(dòng)化修復(fù)。",,"process流程-->過(guò)程

vulnerability漏洞-->脆弱性",Shared,Shared,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagementandOperationalResilience-BCR業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)韌性,,,,,,,,,,,,,,,,,,,,,,,,,

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"BusinessContinuityManagementPolicyandProcedures

業(yè)務(wù)連續(xù)性管理策略和規(guī)程",,BCR-01,"Establish,document,approve,communicate,apply,evaluateandmaintainbusinesscontinuitymanagementandoperationalresiliencepoliciesandprocedures.Reviewandupdatethepoliciesandproceduresatleastannually.

建立、歸檔、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)韌性策略和規(guī)程。每年至少審查和更新公司的策略和規(guī)程。",,"policy政策-->策略

procedure程序-->規(guī)程

apply申請(qǐng)-->應(yīng)用",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"RiskAssessmentandImpactAnalysis

風(fēng)險(xiǎn)評(píng)估和影響分析",,BCR-02,"Determinetheimpactofbusinessdisruptionsandriskstoestablishcriteriafordevelopingbusinesscontinuityandoperationalresiliencestrategiesandcapabilities.

確定業(yè)務(wù)中斷的風(fēng)險(xiǎn)和影響，為開(kāi)發(fā)業(yè)務(wù)連續(xù)性和運(yùn)營(yíng)韌性策略和能力建立標(biāo)準(zhǔn)。",,resilience彈性-->韌性,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"BusinessContinuityStrategy

業(yè)務(wù)連續(xù)性策略",,BCR-03,"Establishstrategiestoreducetheimpactof,withstand,andrecoverfrombusinessdisruptionswithinriskappetite.

在風(fēng)險(xiǎn)偏好范圍內(nèi)建立戰(zhàn)略，以減少、抵御和恢復(fù)業(yè)務(wù)中斷的影響。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"BusinessContinuityPlanning

業(yè)務(wù)連續(xù)性規(guī)劃",,BCR-04,"Establish,document,approve,communicate,apply,evaluateandmaintainabusinesscontinuityplanbasedontheresultsoftheoperationalresiliencestrategiesandcapabilities.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)基于運(yùn)營(yíng)韌性策略和能力結(jié)果的業(yè)務(wù)連續(xù)性規(guī)劃。",,apply申請(qǐng)-->應(yīng)用,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"Documentation

文檔記錄",,BCR-05,"Develop,identify,andacquiredocumentationthatisrelevanttosupportthebusinesscontinuityandoperationalresilienceprograms.Makethedocumentationavailabletoauthorizedstakeholdersandreviewperiodically.

開(kāi)發(fā)、識(shí)別和獲取與支持業(yè)務(wù)連續(xù)性和運(yùn)營(yíng)韌性計(jì)劃相關(guān)的文件。將文件提供給授權(quán)的利益相關(guān)者，并定期審查。",,resilience彈性-->韌性,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"BusinessContinuityExercises

業(yè)務(wù)連續(xù)性的演習(xí)",,BCR-06,"Exerciseandtestbusinesscontinuityandoperationalresilienceplansatleastannuallyoruponsignificantchanges.

至少每年或在重大變更時(shí)，對(duì)業(yè)務(wù)連續(xù)性和運(yùn)營(yíng)韌性計(jì)劃進(jìn)行測(cè)試和演習(xí)。",,resilience彈性-->韌性,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"Communication

溝通",,BCR-07,"Establishcommunicationwithstakeholdersandparticipantsinthecourseofbusinesscontinuityandresilienceprocedures.

在業(yè)務(wù)連續(xù)性和韌性規(guī)程的過(guò)程中與利益相關(guān)者和參與者建立溝通。",,"procedure程序-->規(guī)程

resilience彈性-->韌性(York0321）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"Backup

備份",,BCR-08,"Periodicallybackupdatastoredinthecloud.Ensuretheconfidentiality,integrityandavailabilityofthebackup,andverifydatarestorationfrombackupforresiliency.

定期備份存儲(chǔ)在云中的數(shù)據(jù)。確保備份的機(jī)密性、完整性和可用性；并為了韌性，驗(yàn)證從備份恢復(fù)的數(shù)據(jù)。",,resilience彈性-->韌性(York0321）,Shared,Shared,Shared,FALSE,FALSE,FALSE,TRUE,FALSE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"DisasterResponsePlan

災(zāi)難響應(yīng)計(jì)劃",,BCR-09,"Establish,document,approve,communicate,apply,evaluateandmaintainadisasterresponseplantorecoverfromnaturalandman-madedisasters.Updatetheplanatleastannuallyoruponsignificantchanges.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)災(zāi)難響應(yīng)計(jì)劃，以從自然和人為災(zāi)害中恢復(fù)。至少每年更新一次計(jì)劃，或在重大變更時(shí)更新。",,apply申請(qǐng)-->應(yīng)用,CSP-Owned,CSP-Owned,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"ResponsePlanExercise

響應(yīng)計(jì)劃演習(xí)",,BCR-10,"Exercisethedisasterresponseplanannuallyoruponsignificantchanges,includingifpossiblelocalemergencyauthorities.

每年或發(fā)生重大變化時(shí)演練災(zāi)難響應(yīng)計(jì)劃，如果可能，聯(lián)合當(dāng)?shù)貞?yīng)急官方機(jī)構(gòu)",,"authorities機(jī)構(gòu)-->官方機(jī)構(gòu)（York0321）

including包括-->聯(lián)合（York0321，包括詞義更準(zhǔn)確，但在國(guó)內(nèi)，聯(lián)合更符合實(shí)際）",CSP-Owned,CSP-Owned,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

BusinessContinuityManagement&OperationalResilience,業(yè)務(wù)連續(xù)性管理和運(yùn)營(yíng)彈性,"EquipmentRedundancy

設(shè)備冗余",,BCR-11,"Supplementbusiness-criticalequipmentwithredundantequipmentindependentlylocatedatareasonableminimumdistanceinaccordancewithapplicableindustrystandards.

根據(jù)適用的行業(yè)標(biāo)準(zhǔn)，用獨(dú)立設(shè)置的、合理的最小距離的冗余設(shè)備補(bǔ)充關(guān)鍵業(yè)務(wù)設(shè)備。",,,CSP-Owned,CSP-Owned,CSP-Owned,TRUE,TRUE,TRUE,TRUE,FALSE,FALSE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,TRUE,TRUE,FALSE

ChangeControlandConfigurationManagement-CCC變更控制和配置管理,,,,,,,,,,,,,,,,,,,,,,,,,

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ChangeManagementPolicyandProcedures

變更管理策略和規(guī)程",,CCC-01,"Establish,document,approve,communicate,apply,evaluateandmaintainpoliciesandproceduresformanagingtherisksassociatedwithapplyingchangestoorganizationassets,includingapplication,systems,infrastructure,configuration,etc.,regardlessofwhethertheassetsaremanagedinternallyorexternally(i.e.,outsourced).Reviewandupdatethepoliciesandproceduresatleastannually.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)用于變更管理的策略和規(guī)程，為管理申請(qǐng)變更對(duì)組織的相關(guān)風(fēng)險(xiǎn)，包括應(yīng)用程序、系統(tǒng)、基礎(chǔ)設(shè)施、配置等，無(wú)論資產(chǎn)是在內(nèi)部管理還是在外部管理（即外包）。至少每年審查和更新公司的策略和規(guī)程。",,"policy政策-->策略

procedure程序-->規(guī)程

apply申請(qǐng)-->應(yīng)用（York0321）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"QualityTesting

質(zhì)量測(cè)試",,CCC-02,"Followadefinedqualitychangecontrol,approvalandtestingprocesswithestablishedbaselines,testing,andreleasestandards.

遵循已制定的質(zhì)量變更控制、批準(zhǔn)和測(cè)試過(guò)程，以及已建立的基線、測(cè)試和發(fā)布標(biāo)準(zhǔn)。",,process流程-->過(guò)程,CSP-Owned,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ChangeManagementTechnology

變更管理技術(shù)",,CCC-03,"Managetherisksassociatedwithapplyingchangestoorganizationassets,includingapplication,systems,infrastructure,configuration,etc.,regardlessofwhethertheassetsaremanagedinternallyorexternally(i.e.,outsourced).

通過(guò)變更管理技術(shù)來(lái)管理組織資產(chǎn)變更相關(guān)的風(fēng)險(xiǎn)，包括應(yīng)用程序、系統(tǒng)、基礎(chǔ)架構(gòu)、配置等，無(wú)論資產(chǎn)是內(nèi)部管理的還是外部管理的（即外包）。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,FALSE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"UnauthorizedChangeProtection

未經(jīng)授權(quán)的變更保護(hù)",,CCC-04,"Restricttheunauthorizedaddition,removal,update,andmanagementoforganizationassets.

實(shí)施變更管理技術(shù)，限制未經(jīng)授權(quán)添加、刪除、更新和管理組織資產(chǎn)。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,FALSE,TRUE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ChangeAgreements

變更協(xié)議",,CCC-05,"IncludeprovisionslimitingchangesdirectlyimpactingCSCsownedenvironments/tenantstoexplicitlyauthorizedrequestswithinservicelevelagreementsbetweenCSPsandCSCs.

對(duì)于直接影響客戶環(huán)境或租戶環(huán)境的變更，在云服務(wù)提供商（CSP）和云服務(wù)客戶（CSC）間的服務(wù)水平協(xié)議中，要包含限制條款，以明確授權(quán)請(qǐng)求。",,,CSP-Owned,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE,FALSE,TRUE,TRUE,FALSE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ChangeManagementBaseline

變更管理基線",,CCC-06,"Establishchangemanagementbaselinesforallrelevantauthorizedchangesonorganizationassets.

對(duì)于所有組織資產(chǎn)的變更授權(quán)建立變更管理基線。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"DetectionofBaselineDeviation

基線偏離檢測(cè)",,CCC-07,"Implementdetectionmeasureswithproactivenotificationincaseofchangesdeviatingfromtheestablishedbaseline.

實(shí)施基線偏離檢測(cè)，在在發(fā)生偏離既定基線的變化時(shí)主動(dòng)告警。",,,CSP-Owned,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,FALSE,TRUE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ExceptionManagement

例外管理",,CCC-08,"Implementaprocedureforthemanagementofexceptions,includingemergencies,inthechangeandconfigurationprocess.AligntheprocedurewiththerequirementsofGRC-04:PolicyExceptionProcess.

在變更和配置過(guò)程中實(shí)施一個(gè)例外管理規(guī)程（包括緊急情況）。該規(guī)程與“GRC-04：策略例外過(guò)程”的要求一致。",,"process程序-->過(guò)程

policyexceptionprocess策略異常流程-->策略例外過(guò)程

（process翻做流程非常常見(jiàn)，知識(shí)GB用了過(guò)程，procedure需要與之區(qū)別，暫沿用CCM3.1中的規(guī)程-York0321）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

ChangeControl&ConfigurationManagement,變更控制和配置管理,"ChangeRestoration

變更恢復(fù)",,CCC-09,"Defineandimplementaprocesstoproactivelyrollbackchangestoapreviousknowngoodstateincaseoferrorsorsecurityconcerns.

定義并實(shí)施過(guò)程，在變更出現(xiàn)錯(cuò)誤或安全問(wèn)題時(shí)主動(dòng)回退，并將系統(tǒng)/服務(wù)恢復(fù)到上一個(gè)已知的良好狀態(tài)。",,process流程-->過(guò)程,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,FALSE,FALSE,TRUE,FALSE,FALSE

"Cryptography,Encryption&KeyManagement密碼學(xué)、加密與密鑰管理",,,,,,,,,,,,,,,,,,,,,,,,,

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionandKeyManagementPolicyandProcedures

加密與密鑰管理的策略及規(guī)程",,CEK-01,"Establish,document,approve,communicate,apply,evaluateandmaintainpoliciesandproceduresforCryptography,EncryptionandKeyManagement.Reviewandupdatethepoliciesandproceduresatleastannually.

制定、記錄、批準(zhǔn)、交流、應(yīng)用、評(píng)估和維護(hù)密碼學(xué)、加密與密鑰管理的策略及規(guī)程。至少每年審查和更新策略及規(guī)程。",,policy政策-->策略,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"CEKRolesandResponsibilities

密碼學(xué)、加密與密鑰管理的角色及責(zé)任",,CEK-02,"Defineandimplementcryptographic,encryptionandkeymanagementrolesandresponsibilities.

定義并實(shí)施密碼學(xué)、加密與密鑰管理的角色及責(zé)任。",,"Define闡明-->定義

roles作用-->角色（York0321）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"DataEncryption

數(shù)據(jù)加密",,CEK-03,"Providecryptographicprotectiontodataat-restandin-transit,usingcryptographiclibrariescertifiedtoapprovedstandards.

使用經(jīng)過(guò)標(biāo)準(zhǔn)認(rèn)證的密碼（算法）庫(kù)，為靜態(tài)和傳輸中的數(shù)據(jù)提供密碼保護(hù)。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionAlgorithm

加密算法",,CEK-04,"Useencryptionalgorithmsthatareappropriatefordataprotection,consideringtheclassificationofdata,associatedrisks,andusabilityoftheencryptiontechnology.

考慮數(shù)據(jù)分級(jí)、相關(guān)風(fēng)險(xiǎn)和加密技術(shù)的可用性，使用適合數(shù)據(jù)保護(hù)的加密算法。",,classification分類-->分級(jí),Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionChangeManagement

加密變更管理",,CEK-05,"Establishastandardchangemanagementprocedure,toaccommodatechangesfrominternalandexternalsources,forreview,approval,implementationandcommunicationofcryptographic,encryptionandkeymanagementtechnologychanges.

建立標(biāo)準(zhǔn)的變更管理規(guī)程，以適應(yīng)來(lái)自內(nèi)部和外部的變更，用于審查、批準(zhǔn)、實(shí)施和通報(bào)密碼學(xué)、加密與密鑰管理技術(shù)的變更。",,procedure程序-->規(guī)程,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionChangeCostBenefitAnalysis

加密變更成本效益分析",,CEK-06,"Manageandadoptchangestocryptography-,encryption-,andkeymanagement-relatedsystems(includingpoliciesandprocedures)thatfullyaccountfordownstreameffectsofproposedchanges,includingresidualrisk,cost,andbenefitsanalysis.

管理和采用對(duì)密碼學(xué)、加密與密鑰管理相關(guān)系統(tǒng)（包括策略及規(guī)程）的變更，以充分考慮擬議變更的下游影響，包括剩余風(fēng)險(xiǎn)、成本和效益分析。",,policy政策-->策略,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionRiskManagement

加密風(fēng)險(xiǎn)管理",,CEK-07,"Establishandmaintainanencryptionandkeymanagementriskprogramthatincludesprovisionsforriskassessment,risktreatment,riskcontext,monitoring,andfeedback.

建立并維護(hù)一個(gè)加密和密鑰管理風(fēng)險(xiǎn)程序，包括風(fēng)險(xiǎn)評(píng)估、風(fēng)險(xiǎn)處理、風(fēng)險(xiǎn)關(guān)聯(lián)、監(jiān)控和反饋的規(guī)定。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"CSCKeyManagementCapabiility

云服務(wù)客戶密鑰管理能力",,CEK-08,"CSPsmustprovidethecapabilityforCSCstomanagetheirowndataencryptionkeys.

云服務(wù)提供商（CSP）必須為云服務(wù)客戶（CSC）提供管理自己的數(shù)據(jù)加密密鑰的能力。",,"CSP-->云服務(wù)提供商（CSP）

CSC-->客戶（CSC）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"EncryptionandKeyManagementAudit

加密與密鑰管理審計(jì)",,CEK-09,"Auditencryptionandkeymanagementsystems,policies,andprocesseswithafrequencythatisproportionaltotheriskexposureofthesystemwithauditoccurringpreferablycontinuouslybutatleastannuallyandafteranysecurityevent(s).

審計(jì)加密和密鑰管理系統(tǒng)、策略和規(guī)程的頻率與系統(tǒng)的風(fēng)險(xiǎn)暴露程度成正比，審計(jì)最好是連續(xù)進(jìn)行，但至少每年一次，并在任何安全事態(tài)后進(jìn)行。",,"policy政策-->策略

event事件-->事態(tài)（國(guó)標(biāo)是這么說(shuō)，但感覺(jué)事件甚至事故更為符合語(yǔ)境York0321）",Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyGeneration

密鑰生成",,CEK-10,"GenerateCryptographickeysusingindustryacceptedcryptographiclibrariesspecifyingthealgorithmstrengthandtherandomnumbergeneratorused.

使用行業(yè)認(rèn)可的密碼（算法）庫(kù)生成加密密鑰，指定算法強(qiáng)度和使用的隨機(jī)數(shù)生成器。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyPurpose

密鑰用途",,CEK-11,"Managecryptographicsecretandprivatekeysthatareprovisionedforauniquepurpose.

管理為特殊用途而準(zhǔn)備的密鑰和私鑰。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyRotation

密鑰輪換",,CEK-12,"Rotatecryptographickeysinaccordancewiththecalculatedcryptoperiod,whichincludesprovisionsforconsideringtheriskofinformationdisclosureandlegalandregulatoryrequirements.

按照計(jì)算出的加密周期輪換密鑰，其中包括考慮信息披露風(fēng)險(xiǎn)和法律及監(jiān)管要求的規(guī)定。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyRevocation

密鑰吊銷(xiāo)",,CEK-13,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestorevokeandremovecryptographickeyspriortotheendofitsestablishedcryptoperiod,whenakeyiscompromised,oranentityisnolongerpartoftheorganization,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估在既定的加密期結(jié)束前、在密鑰泄密時(shí)或在某一實(shí)體不再是組織的一部分時(shí)，吊銷(xiāo)及刪除密鑰的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,compromise失密-->泄密,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyDestruction

密鑰銷(xiāo)毀",,CEK-14,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestodestroykeysstoredoutsideasecureenvironmentandrevokekeysstoredinHardwareSecurityModules(HSMs)whentheyarenolongerneeded,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估銷(xiāo)毀儲(chǔ)存在安全環(huán)境之外的密鑰和在不再需要時(shí)撤銷(xiāo)儲(chǔ)存在硬件安全模塊中的密鑰的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyActivation

密鑰激活",,CEK-15,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestocreatekeysinapre-activatedstatewhentheyhavebeengeneratedbutnotauthorizedforuse,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估在密鑰已生成但未被授權(quán)使用時(shí)，在預(yù)激活狀態(tài)下生成密鑰的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeySuspension

密鑰暫停",,CEK-16,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestomonitor,reviewandapprovekeytransitionsfromanystateto/fromsuspension,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估監(jiān)測(cè)、審查和批準(zhǔn)密鑰從任何狀態(tài)到/從暫停狀態(tài)的關(guān)鍵過(guò)渡的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,fromanystateto/fromsuspension是否翻譯成任何狀態(tài)和暫停狀態(tài)相互轉(zhuǎn)換,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyDeactivation

密鑰注銷(xiāo)",,CEK-17,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestodeactivatekeysatthetimeoftheirexpirationdate,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估在密鑰到期時(shí)停用密鑰的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,keys鑰匙-->密鑰（York0321）,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyArchival

密鑰歸檔",,CEK-18,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestomanagearchivedkeysinasecurerepositoryrequiringleastprivilegeaccess,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估管理需要最低權(quán)限訪問(wèn)的安全儲(chǔ)存庫(kù)中已歸檔密鑰的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyCompromise

密鑰泄露",,CEK-19,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestousecompromisedkeystoencryptinformationonlyincontrolledcircumstance,andthereafterexclusivelyfordecryptingdataandneverforencryptingdata,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估僅在受控情況下使用泄露密鑰對(duì)信息進(jìn)行加密，及此后僅用于對(duì)數(shù)據(jù)進(jìn)行解密，絕不用于對(duì)數(shù)據(jù)進(jìn)行加密的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,compromise失密-->泄密,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyRecovery

密鑰找回",,CEK-20,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasurestoassesstherisktooperationalcontinuityversustheriskofthekeyingmaterialandtheinformationitprotectsbeingexposedifcontrolofthekeyingmaterialislost,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估，在失去對(duì)密鑰材料的控制時(shí)，運(yùn)營(yíng)連續(xù)性風(fēng)險(xiǎn)與密鑰材料及其保護(hù)的信息暴露風(fēng)險(xiǎn)的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,keyingmaterial-->密鑰材料（GB_T+25069-2010）,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

"Cryptography,Encryption&KeyManagement",密碼學(xué)、加密與密鑰管理,"KeyInventoryManagement

密鑰清單管理",,CEK-21,"Define,implementandevaluateprocesses,proceduresandtechnicalmeasuresinorderforthekeymanagementsystemtotrackandreportallcryptographicmaterialsandchangesinstatus,whichincludeprovisionsforlegalandregulatoryrequirements.

定義、實(shí)施和評(píng)估使密鑰管理系統(tǒng)能夠跟蹤和報(bào)告所有密碼材料和狀態(tài)的變化的過(guò)程、規(guī)程和技術(shù)措施，其中包括法律和監(jiān)管要求的規(guī)定。",,cryptographic加密-->密碼（York0321）,Shared,Shared,Shared,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE

DatacenterSecurity-DCS數(shù)據(jù)中心安全,,,,,,,,,,,,,,,,,,,,,,,,,

DatacenterSecurity,數(shù)據(jù)中心安全,"Off-SiteEquipmentDisposalPolicyandProcedures

場(chǎng)外設(shè)備處置的策略和規(guī)程",,DCS-01,"Establish,document,approve,communicate,apply,evaluateandmaintainpoliciesandproceduresforthesecuredisposalofequipmentusedoutsidetheorganization'spremises.Iftheequipmentisnotphysicallydestroyedadatadestructionprocedurethatrendersrecoveryofinformationimpossiblemustbeapplied.Reviewandupdatethepoliciesandproceduresatleastannually.

建立、記錄、批準(zhǔn)、溝通、應(yīng)用、評(píng)估和維護(hù)用于安全處置組織場(chǎng)所以外設(shè)備的策略和規(guī)程。如果設(shè)備未被物理銷(xiāo)毀，則必須采用數(shù)據(jù)銷(xiāo)毀規(guī)程，使信息無(wú)法恢復(fù)。每年至少審查和更新公司的策略和規(guī)程。",,"policy政策-->策略

procedure程序-->規(guī)程

apply申請(qǐng)-->應(yīng)用",CSP-Owned,CSP-Owned,CSP-Owned,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,TRUE,FALSE,TRUE,TRUE,TRUE,FALSE,FALSE

DatacenterSecurity,數(shù)據(jù)中心安全,"Off-SiteTransferAuthorizationPolicyandProcedures

場(chǎng)外傳輸授權(quán)的策略和規(guī)程",,DCS-02,"Establish,document,approve,communicate,apply,evaluateandmaintainpoliciesandproceduresfortherelocationortransferofhardware,software,ordata/informationtoanoffsiteoralternatelocation.Therelocationor