CloudeAssurance
Tool Identity Card
General information
Basic information to identify the product
Tool name : CloudeAssurance
Vendor name : eFortresses, Inc.
Country of origin : United States
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : World-wide (state oriented)
Supported by organization, club,... (e.g. as sponsor) : SGS S.A., HISPI, eFortresses
Brief description of the product
Give a brief description of the product containing general information, overview of functions:
-
Cloud Security Assessment, Scoring, Rating, Trending, Benchmarking, Continuous Monitoring, and Education Platform
Supported functionality
Specify the functionality this tool provides.
R.A. Method activities supported
-
Risk identification : Risk identification by any information security and compliance standard or framework
-
Risk analysis : Readiness, Trending and Benchmark Reporting.
-
Risk evaluation : Recommendations and Knowledge Base, Library
Other phases
R.M. Method phases supported
-
Risk assessment
-
Risk treatment
-
Risk acceptance
-
Risk Communication
Other functionality
-
Vendor and Supply Chain Risk Management: Automated assessment of third parties
- Cloud Security Assessment and Validation: 3-Step process leading to CloudeAssurance validated score
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : March 2012
Date and identification of the last version : 2014, Version 1.3
Useful links
Link for further information
Official web site : https://www.cloudeassurance.com
User group web site : https://www.hispi.org
Relevant web site : https://www.hispi.org/CAAP.php
Languages
List the available languages that the tool supports
Languages available : English
Pricing and licensing models
Specify the price for the product (as provided by the company on March 2012)
-
Price: Free trial
- Maintenance: Free trial
Sectors with free availability or discounted price : Any sector
Trial before purchase
Details regarding the evaluation period of the tool
Trial period : 30 days
Tool architecture
Specify the technologies used in this tool
-
Database: SaaS, Microsoft Windows Azure
- Web Server: SaaS, Microsoft Windows Azure
- Application Server: SaaS, Microsoft Windows Azure
-
Client: Internet Browser - Firefox, Internet Explorer, Google Chrome, Safari
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
-
SME
-
Commercial CIEs
-
Non Commercial CIEs
-
Cloud Services (SaaS, PaaS, IaaS)
Specific sector : Any enterprise environment or supplier environment
Spread
Information concerning the spread of this tool
General information : World-wide in many different organizations
Level of detail
Specify the target kind of people for this tool based on its functionality
Management
Operational
Technical
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
2011 CSA GRC Stack and HISPI CAAP Top 20 Controls - CSA CCM 1.2 and CAIQ 1.1
-
2012 HISPI CAAP Top 20 ISO/IEC 27001:2005 Annex A Controls and EU Safe Harbor - May 2013 Matrix
-
FedRAMP Baseline Controls - September 2013 Matrix
-
ISO/IEC 21827:2008 Process Areas and Base Practices Controls - July 2013 Matrix
-
ISO/IEC 27001:2005 Annex A Controls HISPI CAAP Top 20 Controls and EU Safe Harbor - May 2013 Matrix
-
ISO/IEC 27001:2005 ISMS HISPI CAAP Top 20 Controls - September 2012 Matrix
-
ISO/IEC 27001:2005 ISMS including Annex A Controls HISPI CAAP Top 20 Controls and EU Safe Harbor - May 2013 Matrix
-
ISO/IEC 27001:2005 ISMS including Annex A Controls HISPI CAAP Top 20 Controls Cybersecurity Framework 1st Draft and EU Safe Harbor - September 2013 Matrix
-
ISO/IEC 27001:2013 ISMS including Annex A Controls HISPI CAAP Top 20 Controls -January 2014
-
NIST Cybersecurity Framework 1st Draft HISPI CAAP Top 20 - September 2013
- NIST Cybersecurity Framework 2nd Draft HISPI CAAP Top 20 Controls - December 2013 Matrix
- NIST SP 800-53r3
- NIST SP 800-53r4
- NIST SP 800-53r4 - and PM Controls
-
PCI DSS 2.0 HISPI CAAP Top 20 Controls - May 2013 Matrix
-
PCI DSS 3.0 HISPI CAAP Top 20 Controls - December 2013 Matrix
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
CAAP Validation (Cloud Security Validation)
-
ISO/IEC 27001:2005, ISO/IEC 27001:2013
-
NIST Special Publication 800-53 Revision 3 and Revision 4
-
NIST Cybersecurity Framework
-
PCI-DSS 2.0, , PCI-DSS 3.0
-
FedRAMP
-
FISMA
-
EU Safe Harbor
Training
Information about possible training courses for this tool
- Course : HISPI, CCSK, Any training can be imported for use.
- Duration : Various
- Skills: Information Security (various)
- Expenses :$2,000 per annum
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : None – SaaS solution and therefore web portal.
-
To use : None
-
To maintain : None
Tool Support
Specify the kind of support the company provides for this product
Support : Digital Chalk Learning Management System
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
CISO and CIO
-
Risk Management Officers
-
Vendor/Supply chain risk management
-
Auditors
- Consultants
Integration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
-
Single Sign On using open API - LMS (Digital Chalk) for Training/Education
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
Microsoft SQL- Assessment Data
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
N/A