Skip to main content
CLD

Cloud Security

24 controls

Govern cloud instances as an extension of on-premise technologies with equal or greater security protections than the organization's own internal cybersecurity & data privacy controls.

SCF # Control Name Weight NIST CSF Frameworks
CLD-01 Cloud Services 10 — Critical Govern 50
CLD-01.1 Cloud Infrastructure Onboarding 9 — Critical Protect 3
CLD-01.2 Cloud Infrastructure Offboarding 9 — Critical Protect 2
CLD-02 Cloud Security Architecture 8 — High Protect 29
CLD-03 Cloud Infrastructure Security Subnet 6 — Medium Protect 20
CLD-04 Application Programming Interface (API) Security 9 — Critical Protect 12
CLD-04.1 API Gateway 7 — High Protect 1
CLD-05 Virtual Machine Images 8 — High Protect 5
CLD-06 Multi-Tenant Environments 9 — Critical Protect 25
CLD-06.1 Customer Responsibility Matrix (CRM) 8 — High Identify 10
CLD-06.2 Multi-Tenant Event Logging Capabilities 8 — High Identify 5
CLD-06.3 Multi-Tenant Forensics Capabilities 8 — High Identify 2
CLD-06.4 Multi-Tenant Incident Response Capabilities 8 — High Identify 3
CLD-07 Data Handling & Portability 4 — Medium Protect 3
CLD-08 Standardized Virtualization Formats 4 — Medium Protect 5
CLD-09 Geolocation Requirements for Processing, Storage and Service Locations 10 — Critical Protect 36
CLD-10 Sensitive Data In Public Cloud Providers 6 — Medium Protect 18
CLD-11 Cloud Access Security Broker (CASB) 7 — High Protect 10
CLD-12 Side Channel Attack Prevention 3 — Low Protect 5
CLD-13 Hosted Assets, Applications & Services 9 — Critical Protect 2
CLD-13.1 Authorized Individuals For Hosted Assets, Applications & Services 9 — Critical Protect 1
CLD-13.2 Sensitive / Regulated Data On Hosted Assets, Applications & Services 9 — Critical Protect 1
CLD-14 Prohibition On Unverified Hosted Assets, Applications & Services 8 — High Protect 1
CLD-15 Software Defined Storage (SDS) 3 — Low Protect 1

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.

Manage SCF Controls in SCF Connect

Streamline your compliance program with automated control tracking, evidence management, and framework mapping.

Get Started Free