Links

Documents: https://sites.google.com/site/cloudauditcontrols

Nostalgia. http://www.defense.gov/multimedia/audio/generalqrts.wav. 

Federal

• NIST SP800-53 Database
• STIG Viewer http://iase.disa.mil/stigs/stig_viewing_guidance.html
• http://www.cnss.gov/full-index.html 
• Federal Information Processing Standards (FIPS): FIPS 199 -- Security Categorization | FIPS 200 -- Minimum Security Controls 
• NIST Special Publications: SP 800-30 -- Risk Assessment | SP 800-37 -- Risk Management Framework | SP 800-53 Rev 4 -- Security Controls | SP 800-53A -- Security Controls Assessement | SP 800-60 Vol 1 -- Security Categorization | SP 800-60 Vol 2 -- Security Categorization | SP 800-137 -- Continuous Monitoring 
• Committee on National Security Systems (CNSS): CNSSP 22 -- Risk Management Policy for NSS | CNSSI 1253 -- Security Categorization and Control Selection for NSS) 
• Department of Defense Instructions: CNSSI 1253 -- Security Categorization and Control Selection for NSS) | DoDI 8510.01 -- (DIACAP) 
• Federal Information Security Management Act (FISMA): FISMA Implementation Project (NIST) | Federal Risk and Authorization Management Program (FedRAMPSM) | Federal Cloud Strategy 
• Thank you IA Security Solutions for a great concise list.

The Quick View Abbreviated List

• Common Regulations and Standards SOX | GLBA | FFIEC | Basel II | FCRA | HIPAA | NERC | NRC | CFAA | FISMA | FRCP | FISCAM | Privacy Act of 1974 | Safe Harbor | NYSE  | PCI-DSS | COSO 
• Audit Practices and Guides | ISO 27001:2005 | ISO/IEC 27002-2005 | OGC ITIL | BCI | CobiT | ISACA | AICPA | ISACA | OECD

VMware Compliance Checkers

• PCI-DSS Compliance Checker: http://www.vmware.com/products/datacenter-virtualization/pci-compliance-checker/overview.html
• VMware Hardening Guidelines: http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

Common Regulations and Standards

• The Sarbanes-Oxley Act
• Gramm-Leach-Bliley Act
• Basel II: International Convergence of Capital Measurement and Capital Standards
• Fair Credit Reporting Act
• Health Insurance Portability and Accountability Act
• North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards
• NRC Regulations (10 CFR) § 73.54
• Computer Fraud and Abuse Act
• Federal Information Security Management Act
• Federal Rules of Civil Procedure
• Federal Information System Controls Audit Manual
• Privacy Act of 1974
• US Department of Commerce EU Safe Harbor Privacy Principles
• NYSE Listed Company Manual
• PCI-DSS (Payment Card Industry Data Security Standard)
• COSO Enterprise Risk Management Integrated Framework

 Audit Practices and Guides

• ISO 27001:2005, Information Security Management Systems - Requirements
• ISO/IEC 27002-2005 Code of practice for information security management
• OGC ITIL: Security Management
• Business Continuity Institute (BCI) Good Practice Guidelines, 2005
• CobiT 4.1
• ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals, May 15, 2009
• AICPA Incident Response Plan: Template for Breach of Personal Information
• ISACA Cross-Border Privacy Impact Assessment
• OECD Principles of Corporate Governance, 2004
• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• AICPA Audit and Accounting Guides
• DOT Physical Security Survey Checklist

Vulnerability Notifications

• US-CERT: http://www.us-cert.gov/ncas
• Security Focus Bugtraq: http://www.securityfocus.com
• Microsoft: http://go.microsoft.com/fwlink/?LinkId=51352
• Secunia: http://secunia.com/advisories/mailing_lists 

FFIEC IT Examination Handbook booklets

Audit | Business Continuity Planning | Development and Acquisition | E-Banking | Information Security | Management | Operations | Outsourcing Technology Services | Retail Payment Systems | Supervision of Technology Service Providers | Wholesale Payment Systems

VCE

• Product Security Center: http://www.vce.com/security/
• VCE Security Response Center: http://www.vce.com/products/auxiliary-products/security/response-center     

VMware

• Product Security Center: http://www.vmware.com/technical-resources/security/index.html
• Advisories: http://www.vmware.com/security/advisories/
• Certifications: http://www.vmware.com/support/support-resources/certifications.html
• Compliance: http://www.vmware.com/technical-resources/security/compliance/
• E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
• Security Advisories are posted to the following lists:
• security-announce at lists.vmware.com
• bugtraq at securityfocus.com
• full-disclosure at lists.grok.org.uk
• E-mail: security@vmware.com; PGP key at: http://kb.vmware.com/kb/1055
• VMware Security Advisories: http://www.vmware.com/security/advisories
• VMware security response policy: http://www.vmware.com/support/policies/security_response.html
• General support life cycle policy: http://www.vmware.com/support/policies/eos.html
• VMware Infrastructure support life cycle policy: http://www.vmware.com/support/policies/eos_vi.html

Cisco

• Product Security Center: http://tools.cisco.com/security/center/home.x
• Security Policy and Advisories: There are several ways to stay connected and informed about the latest security vulnerability information from Cisco. To subscribe to the mailing list, send an e-mail message to cust-security-announce-join@cisco.com. (The content of the message does not matter.) You will receive confirmation, instructions, and a list policy statement. For a full list of options, including RSS, view their product security policy: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#rsvifc
• Certifications: http://www.cisco.com/web/strategy/government/sec_cert.html
• Compliance: http://www.cisco.com/web/strategy/index.html
• Export and Contract Compliance: http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html
• Cyber Risk Reports: http://tools.cisco.com/security/center/cyberRiskReport.x
• Services (FW, SLB, IPS/IDS): http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns743/ns994/landing_ntwk_services.html
• Security and Virtualization: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/dc_sec_design.html
• Data Center Security: http://www.cisco.com/en/US/netsol/ns750/networking_solutions_sub_program_home.html
• Data Center Design Zone: http://www.cisco.com/en/US/netsol/ns743/networking_solutions_program_home.html

EMC

• Product Security Center: http://www.emc.com/products/security/index.htm
• Advisories: http://www.emc.com/contact-us/contact/product-security-response-center.htm
• Subscribe to both EMC Security Advisories All EMC Products - Current Year and relevant product-specific documents on Powerlink. Click the lightning bolt (i.e. Alert Me) icon next to the Product documents of choice to add it to your Alerts Portlet. You can choose to be notified by email and/or each time you login to Powerlink.
• Certifications: http://www.emc.com/products/external-security-validation.htm
• Compliance: Organized under specific Business Needs: http://www.emc.com/solutions/index.htm
• Security Solutions: http://www.emc.com/security/index.htm

JOBS

• https://www.cyberseek.org/heatmap.html
• Check out salary data using Payscale, Glassdoor, Indeed, and Salary to see the median pay for your industry, position, and location. You can also use Glassdoor's Know Your Worth tool. PayScale offers its free report PayScale's Salary Survey with data covering your salary range based on position, skills, education, and experience.