スライド 1

Size: px

Start display at page:

Download "スライド 1"

はなたけはな
5 years ago
Views:

1 FISMA

2 1 1

3 2

4 3

5 4

6 1 ISO/IEC 27001) (27003,27004, ) IPA 5

7 6

8 7

9 8

10 9

11 ( ) 2008) 10

12 SP FISMA SP GISRA FISMA 2002/12/17 SP SP800-53Rev.1 SP Rev.1 SP 800 SP SP SP Rev.2 SP 800 SP SP800-53A -53A SP Rev.3 SP 800 SP Rev.1 SP 800 ISO/IEC JIS X5080 Q27002 Q27001 ISMS Ver.0.8 Ver.1.0 Ver.2.0 / Ver.1.0 Ver

13 12

14 13

15 Step6 MONITOR Step1 CATEGORIZE Step2 SELECT Step5 AUTHORIZE Step4 ASSESS Step3 IMPLEMENT 14

16 Risk Management Strategy Architecture Description Organizational Inputs Step6 Step1 CATEGORIZE Information Systems FIPS 199/SP Step2 MONITOR Security Controls SELECT Security Controls SP A FIPS 200/SP Step5 AUTHORIZE Information Systems SP Step4 ASSESS Security Controls SP A 15 Step3 IMPLEMENT Security Controls SP Series

17 ) 16

18 FEA SP A SP FIPS 199/SP HIGH,MOD,LOW SP Rev.1 FIPS 200/SP HIGH, MOD,LOW SP 800-Series SP A /

19 SP /5 APPENDIX / SP Rev /11 APPENDIX E 18 SP Rev3 2009/8 6

20 19

21 20

22 21

23 22

24 23

25 24

26 2009/12/16 25

27 Code P1 P2 26

28 27

29 NIST SP A CLASS FAMILY j 28

30 29

31 Consensus Audit Guideline( 30

32 ( Inspector General( 31

33 32

34 33

35 34

36 35

37 36

38 37

39 38

40 NIST SP Rev.3 39

41 NIST SP Rev.3 ISO/IEC

42 41

43 AT-1 AT-2 AT-3 AT-4 AT-5 42

44 Step6 MONITOR Step5 AUTHORIZE Step1 CATEGORIZE Step4 ASSESS Step2 SELECT Step3 IMPLEMENT / / 43 /

45 Step6 MONITOR Step1 CATEGORIZE Step2 SELECT Step5 AUTHORIZE Step4 ASSESS / Step3 IMPLEMENT / / 44

46 45

47 46

48 47

49 48

50 49

51 SCAP XCCDF 50

52 51

53 52

54 Risk Management Strategy Architecture Description Organizational Inputs Step6 MONITOR Security Controls Step1 CATEGORIZE Information Systems Step2 SELECT Security Controls Step5 AUTHORIZE Information Systems Step4 ASSESS Security Controls Step3 IMPLEMENT Security Controls 53

55 54

56 55

57 XCCDF IA-5 SCAP 56 Windows

58 57

59 58

60 59

61 60

62 enterprise owned or leased shared infrastructure for specific community Sold to the public, mega-scale infrastructure composition of two or more clouds 61

63 Hybrid Clouds Private Cloud Community Cloud Public Cloud Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Broad Network Access On Demand Self-Service Rapid Elasticity Resource Pooling Measured Service 62 62

64 63 63

65 ,,, 64

66 Data Fragmentation and Dispersal Dedicated Security Team Greater Investment in Security Infrastructure Fault Tolerance and Reliability Greater Resiliency Hypervisor Protection Against Network Attacks C&A Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) 65

67 66

68 67

69 68

70 Provide guidance to industry and government for the creation and management of relevant cloud computing standards allowing all parties to gain the maximum value from cloud computing 69

71 Proprietary Value Add Functionality Standardized Core Cloud Capabilities 70

72 71

73 72

74 73

75 74

76 75

77 76

クラウドサービスの基本的なこと

クラウドサービスの基本的なことクラウドサービスの基本的なこと当スライド最終版は別途アップします 2012/09/15 ADempiere Japan Users Group Special Seminar (1stDay) 自己紹介 kidatti クラウドって何? 米国国立標準技術研究所 http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf