Security Guidance for Critical Areas of Focus in Cloud Computing
Section I. Cloud Architecture
Domain 1: Cloud Computing Architectural Framework
Section II. Governing in the Cloud
Domain 2: Governance and Enterprise Risk Management
Domain 3: Legal and Electronic Discovery
Domain 4: Compliance and Audit
Domain 5: Information Lifecycle Management
Domain 6: Portability and Interoperability
Section III. Operating in the Cloud
Domain 7: Traditional Security, Business Continuity and Disaster Recovery
Domain 8: Data Center Operations
Domain 9: Incident Response, Notification, and Remediation
Domain 10: Application Security
Domain 11: Encryption and Key Management
Domain 12: Identity and Access Management
Domain 13: Virtualization
Download Guidance for Critical Areas of Focus in Cloud Computing (Chinese) Version 2.1, released March 29, 2010
Download Guidance for Critical Areas of Focus in Cloud Computing (Spanish) Version 2.0, released November 23, 2009
Download Guidance for Critical Areas of Focus in Cloud Computing Version 1.0, released April 21, 2009 (DEPRECATED)
Download Identity & Access Management Whitepaper - Released April 27, 2010
Download Application Security Whitepaper - Released July 28, 2010