# Domain 5: Cloud Security Operations

## 5.1 Build and implement physical and logical infrastructure for cloud environment

  • Hardware specific security configuration requirements
    • Hardware security module (HSM) and Trusted Platform Module (TPM)
  • Installation and configuration of management tools
  • Virtual hardware specific security configuration requirements
    • Network
    • Storage
    • Memory
    • Central processing unit (CPU)
    • Hypervisor type 1 and 2
  • Installation of guest operating system (OS) virtualization toolsets

## 5.2 Operate and maintain physical and logical infrastructure for cloud environment

  • Access controls for local and remote access
    • Remote Desktop Protocol (RDP)
    • Secure terminal access
    • Secure Shell (SSH)
    • Console-based access mechanisms
    • Jumpboxes
    • Virtual client
  • Secure network configuration
    • Virtual local area networks (VLAN)
    • Transport Layer Security (TLS)
    • Dynamic Host Configuration Protocol (DHCP)
    • Domain Name System Security Extensions (DNSSEC)
    • Virtual private network (VPN)
  • Network security controls
    • Firewalls
    • Intrusion detection systems (IDS)
    • Intrusion prevention systems (IPS)
    • Honeypots
    • Vulnerability assessments
    • Network security groups
    • Bastion host
  • Operating system (OS) hardening through the application of baselines, monitoring and remediation
    • Windows
    • Linux
    • VMware
  • Patch management
  • Infrastructure as Code (IaC) strategy
  • Availability of clustered hosts
    • Distributed resource scheduling
    • Dynamic optimization
    • Storage clusters
    • Maintenance mode
    • High availability (HA)
  • Availability of guest operating system (OS)
  • Performance and capacity monitoring
    • Network
    • Compute
    • Storage
    • Response time
  • Hardware monitoring
    • Disk
    • Central processing unit (CPU)
    • Fan speed
    • Temperature
  • Configuration of host and guest operating system (OS) backup and restore functions
  • Management plane
    • Scheduling
    • Orchestration
    • Maintenance

## 5.3 Implement operational controls and standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)

  • Incident management
  • Problem management
  • Release management
  • Deployment management
  • Configuration management
  • Service level management
  • Availability management
  • Capacity management

## 5.4 Support digital forensics

  • Forensic data collection methodologies
  • Evidence management
  • Collect, acquire, and preserve digital evidence

## 5.5 Manage communication with relevant parties

  • Vendors
  • Customers
  • Partners
  • Regulators
  • Other stakeholders

## 5.6 Manage security operations

  • Security operations center (SOC)
  • Intelligent monitoring of security controls
    • Firewalls
    • Intrusion detection systems (IDS)
    • Intrusion prevention systems (IPS)
    • Honeypots
    • Network security groups
    • Artificial intelligence (AI)
  • Log capture and analysis
    • Security information and event management (SIEM)
    • Log management
  • Incident management
  • Vulnerability assessments