5.1 Support the Planning Process for the Data Center Design
» Logical Design (e.g., tenant partitioning, access control)
» Physical Design (e.g., location, buy or build)
» Environmental Design (e.g., HVAC, multi-vendor pathway connectivity)
5.2 Implement and Build Physical Infrastructure for Cloud Environment
» Secure Configuration of Hardware Specific Requirements (e.g., BIOS settings for virtualization and TPM, storage controllers, network controllers)
» Installation and Configuration of Virtualization Management Tools for the Host
5.3 Run Physical Infrastructure for Cloud Environment
» Configuration of Access Control for Local Access (e.g., Secure KVM, Console based access mechanisms)
» Securing Network Configuration (e.g., VLAN’s,TLS, DHCP, DNS, IPSEC)
» OS Hardening via Application of Baseline (e.g.,Windows, Linux, VMware)
» Availability of Stand-Alone Hosts
» Availability of Clustered Hosts (e.g.,distributed resource scheduling (DRS),dynamic optimization (DO), storage clusters, maintenance mode, high availability
5.4 Manage Physical Infrastructure for Cloud Environment
» Configuring Access Controls for Remote Access (e.g., RDP, Secure Terminal Access)
» OS Baseline Compliance Monitoring and Remediation
» Patch Management
» Performance Monitoring (e.g., network, disk, memory, CPU)
» Hardware Monitoring (e.g., disk I/O, CPU temperature, fan speed)
» Backup and Restore of Host Configuration
» Implementation of Network Security Controls (e.g., firewalls, IDS, IPS, honeypots, vulnerability assessments)
» Log Capture and Analysis (e.g., SIEM, Log Management)
» Management Plane (e.g., scheduling, orchestration, maintenance)
5.5 Build Logical Infrastructure for Cloud Environment
» Secure Configuration of Virtual Hardware Specific Requirements (e.g., network, storage, memory, CPU)
» Installation of Guest O/S Virtualization Toolsets
5.6 Run Logical Infrastructure for Cloud Environment
» Secure Network Configuration (e.g., VLAN’s, TLS, DHCP, DNS, IPSEC)
» OS Hardening via Application of a Baseline (e.g., Windows, Linux, VMware)
» Availability of the Guest OS
5.7 Manage Logical Infrastructure for Cloud Environment
» Access Control for Remote Access (e.g., RDP)
» OS Baseline Compliance Monitoring and Remediation
» Patch Management
» Performance Monitoring (e.g., Network, Disk, Memory, CPU)
» Backup and Restore of Guest OS Configuration (e.g., Agent based, SnapShots, Agentless)
» Implementation of Network Security Controls (e.g., firewalls, IDS, IPS, honeypots, vulnerability assessments)
» Log Capture and Analysis (e.g., SIEM, log management)
» Management Plane (e.g., scheduling, orchestration, maintenance)
5.8 Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1)
» Change Management
» Continuity Management
» Information Security Management
» Continual Service Improvement Management
» Incident Management
» Problem Management
» Release Management
» Deployment Management
» Configuration Management
» Service Level Management
» Availability Management
» Capacity Management
5.9 Conduct Risk Assesment to Logical and Physical Infrastructure
5.10 Understand the Collection, Acquisition and Preservation of Digital Evidence
» Proper Methodologies for Forensic Collection of Data
» Evidence Management
5.11 Manage Communication with Relevant Parties
» Vendors
» Customers
» Partners
» Regulators
» Other Stakeholders