Evaluate Cloud Service Providers
1.1 Verification against criteria
- ISO/IEC 27001 and 27001:2013
- NIST SP 800-53
- Payment Card Industry Data Security Standard (PCI DSS)
- SOC 1, SOC 2 and SOC 3
- Common Criteria
- FIPS 140-2
1.2 System/subsystem product certifications
The SOC 2 report expands beyond basic financial audit topics to cover five areas. For cloud security experts, the most important is the security principle (the other principles are availability, processing integrity, confidentiality, and privacy). The security principle consists of seven categories:
- Organization and management
- Communication
- Risk management and control design and implementation
- Ongoing monitoring of control measures
- Logical and physical access control measures
- System operation
- Change management
Cloud security certifications most popular with cloud customers:
- ISO/IEC 27001 and 27001:2013
- Payment Card Industry Data Security Standard (PCI DSS)
- SOC 1, SOC 2 and SOC 3
- Common Criteria (ISO/IEC 15408)