Cloud Security
Manage security for cloud services and infrastructure.
9 of 9 frameworks cover this control
Framework Mappings
How Cloud Security maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.PS-01 PR.DS-01 |
| ISO 27001 | Covered | A.5.23 A.8.1 |
| CIS v8 | Covered | CIS 4.1 CIS 6.1 |
| SOC 2 | Covered | CC6.1 CC6.7 CC7.1 |
| PCI DSS | Covered | 2.2.1 12.8.1 |
| CMMC | Covered | SC.L2-3.13.1 AC.L2-3.1.1 |
| 800-53 | Covered | AC-20 SA-9 |
| HIPAA | Covered | §164.308(b)(1) §164.314(a)(1) |
| GDPR | Covered | Art.28(1) Art.32(1) |
About Cloud Security
Cloud Security is a cybersecurity control in the Protect domain. Manage security for cloud services and infrastructure. Cloud security encompasses the controls, policies, and technologies needed to protect data, applications, and infrastructure hosted in cloud environments such as AWS, Azure, and Google Cloud. Key implementation areas include identity and access management for cloud resources, secure configuration of cloud services using tools like Cloud Security Posture Management (CSPM), encryption of data at rest and in transit, and network security controls like security groups and virtual private clouds. Understanding the shared responsibility model is essential, as security obligations differ significantly between IaaS, PaaS, and SaaS deployment models.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all ${FW_KEYS.length} frameworks.