#5.1 Build and implement physical and logical infrastructure for cloud environment
Hardware specific security configuration requirements
  Hardware security module (HSM) and Trusted Platform Module (TPM)
Installation and configuration of management tools
Virtual hardware specific security configuration requirements
  Network
  Storage
  Memory
  Central processing unit (CPU)
  Hypervisor type 1 and 2
Installation of guest operating system (OS) virtualization toolsets
#5.2 Operate and maintain physical and logical infrastructure for cloud environment
Access controls for local and remote access
  Remote Desktop Protocol (RDP)
  Secure terminal access
  Secure Shell (SSH)
  Console-based access mechanisms
  Jumpboxes
  Virtual client
Secure network configuration
  Virtual local area networks (VLAN)
  Transport Layer Security (TLS)
  Dynamic Host Configuration Protocol (DHCP)
  Domain Name System Security Extensions (DNSSEC)
  Virtual private network (VPN)
Network security controls
  Firewalls
  Intrusion detection systems (IDS)
  Intrusion prevention systems (IPS)
  Honeypots
  Vulnerability assessments
  Network security groups
  Bastion host
Operating system (OS) hardening through the application of baselines, monitoring and remediation
  Windows
  Linux
  VMware
Patch management
Infrastructure as Code (IaC) strategy
Availability of clustered hosts
  Distributed resource scheduling
  Dynamic optimization
  Storage clusters
  Maintenance mode
  High availability (HA)
Availability of guest operating system (OS)
Performance and capacity monitoring
  Network
  Compute
  Storage
  Response time
Hardware monitoring
  Disk
  Central processing unit (CPU)
  Fan speed
  Temperature
Configuration of host and guest operating system (OS) backup and restore functions
Management plane
  Scheduling
  Orchestration
  Maintenance
#5.3 Implement operational controls and standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)