NCSC 14 Cloud Principles Gap Analysis Service
Protecting your cloud deployments from cyber-attacks and security violations is absolutely essential. In the UK, the NCSC (National Cyber Security Centre) have formulated 14 universal Principles to help organisations establish good cloud cyber-security.
Our NCSC Cloud Principles Gap Analysis Service is designed to discover and assess how the 14 Principles have been implemented. In this assignment, we will investigate how the NCSC 14 Cloud Principles have been interpreted and incorporated into the organisations policies, processes, technologies and operational security controls.
The NCSC 14 Cloud Principles are briefly described below together with objective of the Gap Analysis investigation undertaken:
NCSC 14 Cloud Principles |
Gap Analysis audit objectives |
1. Data in transit protection |
Verification that user data, transmitted over networks is adequately protected against tampering and eavesdropping. |
2.Asset protection and resilience |
Confirmation that user data, and the assets storing or processing the user data, are protected against physical tampering, loss, damage or seizure. |
3.Separation between users |
Confirmation that a malicious or compromised user of the service should not be able to affect the service or data of another. |
4.Governance framework |
Confirmation that the service provider should have a security governance framework which coordinates and directs its management of the service and information within it. |
5.Operational security |
Confirmation that the service is operated and managed securely, in order to impede, detect or prevent attacks. |
6.Personnel security |
Confirmation that where the service provider personnel have access to your data and systems there is a high degree of confidence in their trustworthiness. |
7.Secure development |
Verification that where services are designed and developed, there are actions taken to identify and mitigate threats to their security. |
8.Supply chain security |
Verification that the service provider ensures that its supply chain satisfactorily supports all of the security principles which the service claims to implement. |
9.Secure user |
Verification that the provider should make tools available for you to securely manage your use of their service. |
10.Identity and authentication |
Verification that access to service interfaces is constrained to authenticated and authorised individuals. |
11.External interface protection |
Confirmation that all external or less trusted interfaces of the service should be identified and appropriately defended. |
12.Secure service administration |
Confirmation that systems used for administration of a cloud service are protected by highly privileged access control, in operation for the service. |
13.Audit information for users |
Confirmation that audit records needed to monitor access to your service and the data held within it, are available and are of sufficient detail. |
14.Secure use of the service |
Confirmation that there are suitable operational instructions that tell users of their responsibilities when using the service in order for your data to be adequately protected. |
NCSC Cloud Principles Gap Analysis Service
Features:
Our NCSC Cloud Principles Gap Analysis Service includes the following: :
- Independent assessment of how well the NCSP Principles are implemented
- Reports provided
- Debrief on Gap Analysis findings
NCSC Cloud Principles Gap Analysis Service
Benefits:
- Affordable, focussed investigation, quickly executed
- Validation undertaken by certified information security professionals
- Gap Analysis results reported in a clear and concise manner
- Report includes recommendations for improvement (where relevant)
For queries and pricing details do contact us below to discuss.
NCSC Cloud Security principles Related Pages
+44 (0)203 397 0142
DLP Assured Services Limited
Kemp House
152 - 160 City Road
London
England
EC1V 2NX