Table of Contents

 1     Scope          
 2     References 
 3     Definitions 
        3.1     Terms defined elsewhere           
        3.2     Terms defined in this Recommendation 
 4     Abbreviations and acronyms
 5     Conventions             
 6     Overview    
 7     Security threats for cloud computing 
        7.1     Security threats for cloud service customers (CSCs)         
        7.2     Security threats for cloud service providers (CSPs)           
 8     Security challenges for cloud computing         
        8.1     Security challenges for cloud service customers (CSCs)   
        8.2     Security challenges for cloud service providers (CSPs)    
        8.3     Security challenges for cloud service partners (CSNs)      
 9     Cloud computing security capabilities              
        9.1     Trust model    
        9.2     Identity and access management (IAM), authentication, authorization and transaction audit    
        9.3     Physical security          
        9.4     Interface security         
        9.5     Computing virtualization security           
        9.6     Network security          
        9.7     Data isolation, protection and privacy protection              
        9.8     Security coordination  
        9.9     Operational security    
       9.10     Incident management 
       9.11     Disaster recovery        
       9.12     Service security assessment and audit   
       9.13     Interoperability, portability and reversibility     
       9.14     Supply chain security 
10     Framework methodology     
Appendix I – Mapping of cloud computing security threats and challenges to security capabilities