IVS: Infrastructure & Virtualization Security


IVS-02: Capacity and Resource Planning

Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business.

IVS-03: Network Security

Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls.

IVS-04: OS Hardening and Base Controls

Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline.

IVS-06: Segmentation and Segregation

Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants.

IVS-07: Migration to Cloud Environments

Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols.

IVS-09: Network Defense

Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.