IVS-07: Migration to Cloud Environments

This control is new to this version of the control set and incorporates the following item from the previous version: IVS-10: VM Security – Data Protection.

Control Statement

Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols.

Implementation Guidance

Secure communication, when migrating physical servers, services, applications, or data to virtualized environments, could use a combination of confidentiality, integrity, authentication, source authentication, authorization, and non-repudiation. A secure channel for transmitting information can be implemented at various network layers. Secure information transmission channels (ports and protocols) should be used, such as SSL, SSH, and TLS, which operate at the application level; IPsec and ICMP at the network level; and PPTP and ARP at the link layer. Only up-to-date versions of these protocols should be used (deprecated versions should not be used). Furthermore, only a secure port (e.g., 443) should be used.

Auditing Guidance

  1. Examine the list of environments that will be the target of migrations.
  2. Examine the criteria for maintaining a list of approved protocols.
  3. Examine the records of migrations.
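
The three auditing steps above can be run as an automated check over migration records. The following is an added example, not part of the control text or of any CSA tooling; the record fields, the approved-protocol minimums, the environment names, and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed approved list (constructed): protocol -> minimum approved (major, minor).
APPROVED_PROTOCOLS = {"TLS": (1, 2), "SSH": (2, 0)}
# Assumed list of environments approved as migration targets (constructed).
APPROVED_ENVIRONMENTS = {"prod-cloud-a", "dev-cloud-b"}

@dataclass(frozen=True)
class MigrationRecord:
    migration_id: str
    target_env: str
    protocol: str
    version: str
    encrypted: bool

def parse_version(text):
    """'1.2' -> (1, 2); '2' -> (2, 0). Raises ValueError if not numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def audit_migrations(records, envs=APPROVED_ENVIRONMENTS, approved=APPROVED_PROTOCOLS):
    """Return {migration_id: [reasons]} for records that fail the checks."""
    findings = {}
    for r in records:
        reasons = []
        if r.target_env not in envs:
            reasons.append("target environment not on the migration list")
        if not r.encrypted:
            reasons.append("channel not encrypted")
        minimum = approved.get(r.protocol.upper())
        if minimum is None:
            reasons.append(f"protocol {r.protocol} not on the approved list")
        else:
            try:
                if parse_version(r.version) < minimum:
                    reasons.append(f"{r.protocol} {r.version} is below the approved minimum")
            except ValueError:
                reasons.append("protocol version missing or unparseable")
        if reasons:
            findings[r.migration_id] = reasons
    return findings

# Constructed sample migration records (not real data).
SAMPLE_RECORDS = [
    MigrationRecord("MIG-001", "prod-cloud-a", "TLS", "1.3", True),
    MigrationRecord("MIG-002", "prod-cloud-a", "TLS", "1.0", True),
    MigrationRecord("MIG-003", "dev-cloud-b", "FTP", "", False),
    MigrationRecord("MIG-004", "shadow-cloud", "SSH", "2", True),
]
```

Calling `audit_migrations(SAMPLE_RECORDS)` returns findings for MIG-002, MIG-003, and MIG-004; a record with no recorded protocol version is reported rather than silently passed.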

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.