Framework | Description |
---|---|
FedRAMP | A US government program for authorising cloud services with standardised security controls. It provides a list of prescreened cloud service providers authorised to work with US government agencies. |
FIPS 140-2 | Defines four levels of security for cryptographic modules: L1 – Basic physical security; L2 – Adds tamper-evident seals and labelling; L3 – Requir |

NIST Standard | Description |
---|---|
NIST SP 800‑37 | Risk management framework for information systems – comparable to ISO 27005 / ISO 31000 |
NIST SP 800‑53 | ISMS equivalent: Information Security Management Systems – comparable to ISO 27001 |
NIST SP 800‑61 | Incident management framework: Describes impacts such as reputational damage and legal consequences |
NIST SP 800‑133 | Cryptographic key generation: Highlights the importance of using secure random number generators |

ISO Standard | Description |
---|---|
ISO 20000-1 | Service management – aligns with ITIL: Addresses capacity management, release & deployment management, and security policies |
ISO 27001 | ISMS – Information Security Management Systems: Framework for establishing, implementing, maintaining, and continually improving ISMS |
ISO 27002 | Security controls for ISMS: Guidelines for implementing information security controls |
ISO 27018 | Privacy for cloud providers: Describes privacy requirements for cloud service providers like AWS, Azure, and GCP |

Tier | Description | Availability | Max outage |
---|---|---|---|
Tier 1 | Basic capacity – no redundancy | 99.671% | 18.8 hours/year |
Tier 2 | Partial redundancy – for power & cooling | 99.764% | 11 hours/year |
Tier 3 | Increased redundancy – 72 hours of outage protection | 99.982% | 1.6 hours/year |
Tier 4 | Fully tolerant; 1N+1 for everything | 99.995% | 26.3 minutes/year |

Phase | Description |
---|---|
Plan | Foundational activities for secure data management include identification of data requirements, data classification, and planning for storage and compliance. |
Create | Creating the data, ensuring integrity using digital signatures or checksums. |
Store | Securely storing the data, including tags, encryption, implementing access control, alignment with data residency laws, and potentially implementing data dispersion (storing data in several locations). |
Use | Accessing and processing the data, including encryption in transit. |
Share | Secure sharing of data between environments, enforcing the principle of least privilege, encryption in transit, and data transfer policies. |
Archive | Establishing long-term storage whilst ensuring data integrity and enforcing retention policies. |
Destroy | Secure data deletion. For example, via cryptographic erasure, which means the encryption key is deleted o |

Content Area | Description |
---|---|
Vendor-neutral | Preparing for the CCSP exam provides a vendor-neutral view of cloud security responsibilities and architecture. |
Broader scope | It covers broader security-related domains, including governance, legal/regulatory issues, risk, and compliance. |
Stakeholder communication | It also enhances the candidate’s ability to communicate effectively with CISOs, auditors, regulators, and risk teams. |
```json
"Resource": "arn:aws:s3:::awsconfigconforms-yourname/*",
"Condition": {
    "StringEquals": {
        "aws:PrincipalOrgID": "youraccount"
    },
    "ArnLike": {
        "aws:PrincipalArn": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
    }
}
```
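To make the two conditions in that bucket-policy fragment concrete, the following is an added Python model (not code from the original page) of how IAM evaluates `StringEquals` on `aws:PrincipalOrgID` together with `ArnLike` on `aws:PrincipalArn`: only the Config conformance-pack service-linked role from an account inside the organisation passes, while the same role from another organisation, a human role in the organisation, or an anonymous request does not. The org id, account ids and request contexts are constructed placeholders.

```python
import fnmatch

# Constructed copy of the Condition block from the bucket-policy fragment above.
# The org id is a placeholder; the role ARN pattern is the one the fragment uses.
CONDITION = {
    "StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"},
    "ArnLike": {
        "aws:PrincipalArn": "arn:aws:iam::*:role/aws-service-role/"
        "config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
    },
}


def arn_like(pattern: str, value: str) -> bool:
    """IAM ArnLike semantics: case-sensitive, '*' and '?' wildcards, each of the
    six colon-delimited ARN fields matched separately (a '*' in the account
    field cannot swallow the resource field)."""
    p_parts, v_parts = pattern.split(":", 5), value.split(":", 5)
    if len(p_parts) != 6 or len(v_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(v, p) for p, v in zip(p_parts, v_parts))


def condition_matches(condition: dict, ctx: dict) -> bool:
    """All operator blocks must pass (AND). StringEquals and ArnLike are not
    ...IfExists operators, so a context key that is absent fails the check."""
    for key, want in condition.get("StringEquals", {}).items():
        if ctx.get(key) != want:
            return False
    for key, pattern in condition.get("ArnLike", {}).items():
        val = ctx.get(key)
        if val is None or not arn_like(pattern, val):
            return False
    return True


# Constructed request contexts (account ids and org ids are made up).
SLR_ARN = ("arn:aws:iam::111111111111:role/aws-service-role/"
           "config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms")
SLR_IN_ORG = {"aws:PrincipalOrgID": "o-exampleorgid", "aws:PrincipalArn": SLR_ARN}
SLR_OTHER_ORG = {"aws:PrincipalOrgID": "o-otherorg", "aws:PrincipalArn": SLR_ARN}
ADMIN_IN_ORG = {"aws:PrincipalOrgID": "o-exampleorgid",
                "aws:PrincipalArn": "arn:aws:iam::111111111111:role/AdminRole"}
ANONYMOUS = {}  # no principal keys at all, e.g. an unauthenticated request

if __name__ == "__main__":
    for name, ctx in [("SLR in org", SLR_IN_ORG), ("SLR other org", SLR_OTHER_ORG),
                      ("admin in org", ADMIN_IN_ORG), ("anonymous", ANONYMOUS)]:
        print(f"{name:14s} allowed={condition_matches(CONDITION, ctx)}")
```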
```yaml
Path: /
Description: Role for the AWS Config Recorder
ManagedPolicyArns:
  - arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations
RoleName: OrgRecorderRole
```
```yaml
Type: AWS::IAM::Role
Properties:
  AssumeRolePolicyDocument:
    Version: "2012-10-17"   # quoted so YAML does not parse it as a date
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - config.amazonaws.com   # only the AWS Config service may assume this role
        Action:
          - sts:AssumeRole   # the one action a trust policy grants
```
```yaml
Resources:
  ConfigAggregator:
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      ConfigurationAggregatorName: !Ref AggregatorName
      OrganizationAggregationSource:
        AllAwsRegions: true
        RoleArn: !GetAtt OrgRecorderRole.Arn
```