1
Scope
2
References
3
Definitions
3.1
Terms defined elsewhere
3.2
Terms defined in this Recommendation
4
Abbreviations and acronyms
5
Conventions
6
Overview
7
Security threats for cloud computing
7.1
Security threats for cloud service customers (CSCs)
7.2
Security threats for cloud service providers (CSPs)
8
Security challenges for cloud computing
8.1
Security challenges for cloud service customers (CSCs)
8.2
Security challenges for cloud service providers (CSPs)
8.3
Security challenges for cloud service partners (CSNs)
9
Cloud computing security capabilities
9.1
Trust model
9.2
Identity and access management (IAM), authentication, authorization and transaction
audit
9.3
Physical security
9.4
Interface security
9.5
Computing virtualization security
9.6
Network security
9.7
Data isolation, protection and privacy protection
9.8
Security coordination
9.9
Operational security
9.10
Incident management
9.11
Disaster recovery
9.12
Service security assessment and audit
9.13
Interoperability, portability and reversibility
9.14
Supply chain security
10
Framework methodology
Appendix I – Mapping of cloud computing security threats and challenges
to security capabilities
Bibliography