Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : CloudeAssurance
Vendor name : eFortresses, Inc.
Country of origin : United States

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (state oriented)
Supported by organization, club,... (e.g. as sponsor) : SGS S.A., HISPI, eFortresses

Brief description of the product
Give a brief description of the product containing general information, overview of functions:

  • Cloud Security Assessment, Scoring, Rating, Trending, Benchmarking, Continuous Monitoring, and Education Platform

Supported functionality
Specify the functionality this tool provides.

R.A. Method activities supported

  • Risk identification : Risk identification by any information security and compliance standard or framework
  • Risk analysis : Readiness, Trending and Benchmark Reporting.
  • Risk evaluation : Recommendations and Knowledge Base, Library

Other phases

R.M. Method phases supported

  • Risk assessment
  • Risk treatment
  • Risk acceptance
  • Risk Communication

Other functionality

  • Vendor and Supply Chain Risk Management: Automated assessment of third parties
  • Cloud Security Assessment and Validation: 3-Step process leading to CloudeAssurance validated score

Date of the first edition, date and number of actual version

Date of first release : March 2012
Date and identification of the last version : 2014, Version 1.3

Useful links
Link for further information

Official web site :
User group web site :
Relevant web site :

List the available languages that the tool supports

Languages available : English

Pricing and licensing models
Specify the price for the product (as provided by the company on March 2012)

  • Price: Free trial
  • Maintenance: Free trial

Sectors with free availability or discounted price : Any sector

Trial before purchase
Details regarding the evaluation period of the tool

Trial period : 30 days

Tool architecture
Specify the technologies used in this tool

  • Database: SaaS, Microsoft Windows Azure
  • Web Server: SaaS, Microsoft Windows Azure
  • Application Server: SaaS, Microsoft Windows Azure
  • Client: Internet Browser - Firefox, Internet Explorer, Google Chrome, Safari

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • SME
  • Commercial CIEs
  • Non Commercial CIEs
  • Cloud Services (SaaS, PaaS, IaaS)

Specific sector : Any enterprise environment or supplier environment

Information concerning the spread of this tool

General information : World-wide in many different organizations

Level of detail
Specify the target kind of people for this tool based on its functionality


Compliance to IT Standards
List the national or international standard this tool is compliant with

  • 2011 CSA GRC Stack and HISPI CAAP Top 20 Controls - CSA CCM 1.2 and CAIQ 1.1
  • 2012 HISPI CAAP Top 20 ISO/IEC 27001:2005 Annex A Controls and EU Safe Harbor - May 2013 Matrix
  • FedRAMP Baseline Controls  - September 2013 Matrix
  • ISO/IEC 21827:2008 Process Areas and Base Practices Controls - July 2013 Matrix
  • ISO/IEC 27001:2005 Annex A Controls HISPI CAAP Top 20 Controls and EU Safe Harbor - May 2013 Matrix
  • ISO/IEC 27001:2005 ISMS HISPI CAAP Top 20 Controls - September 2012 Matrix
  • ISO/IEC 27001:2005 ISMS including Annex A Controls HISPI CAAP Top 20 Controls and EU Safe Harbor - May 2013 Matrix
  • ISO/IEC 27001:2005 ISMS including Annex A Controls HISPI CAAP Top 20 Controls Cybersecurity Framework 1st Draft and EU Safe Harbor - September 2013 Matrix
  • ISO/IEC 27001:2013 ISMS including Annex A Controls HISPI CAAP Top 20 Controls -January 2014
  • NIST Cybersecurity Framework 1st Draft HISPI CAAP Top 20 - September 2013
  • NIST Cybersecurity Framework 2nd Draft HISPI CAAP Top 20 Controls - December 2013 Matrix
  • NIST SP 800-53r3
  • NIST SP 800-53r4
  • NIST SP 800-53r4 - and PM Controls
  • PCI DSS 2.0 HISPI CAAP Top 20 Controls - May 2013 Matrix
  • PCI DSS 3.0 HISPI CAAP Top 20 Controls - December 2013 Matrix

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • CAAP Validation (Cloud Security Validation)
  • ISO/IEC 27001:2005, ISO/IEC 27001:2013
  • NIST Special Publication 800-53 Revision 3 and Revision 4
  • NIST Cybersecurity Framework
  • PCI-DSS 2.0, , PCI-DSS 3.0
  • FedRAMP
  • EU Safe Harbor

Information about possible training courses for this tool

  • Course : HISPI, CCSK, Any training can be imported for use.
  • Duration : Various
  • Skills: Information Security (various)
  • Expenses :$2,000 per annum

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : None – SaaS solution and therefore web portal.
  • To use : None
  • To maintain : None

Tool Support
Specify the kind of support the company provides for this product

Support : Digital Chalk Learning Management System

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • CISO and CIO
  • Risk Management Officers
  • Vendor/Supply chain risk management
  • Auditors
  • Consultants

Integration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • Single Sign On using open API - LMS (Digital Chalk) for Training/Education

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • Microsoft SQL- Assessment Data

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • N/A
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies