If you’re not familiar with CloudAudit.org:

CloudAudit and the Automated Audit, Assertion, Assessment, and Assurance API (A6)

The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

Now, via Anton Chuvakin Blog – “Security Warrior”: CloudAudit Delivers – Cloud Compliance Maps:

CloudAudit delivers it’s first batch of cloud compliance specifications. Quoting from the announcement:

“The CompliancePacks map control objectives to specific namespace entities which are contained below and feature NIST SP800-53, PCI DSS, HIPAA, ISO27002 and COBIT compliance frameworks. Ultimately these directories are where a Cloud Provider will store and secure the assertions and supporting materials related to each compliance framework or assertion.” [<- the bold part is kinda the whole point

If you’d like to audit your cloud, give it a read.

Be Sociable, Share!

•