
FINAL - CCSP Domain Chapter Mapping

This document maps the domains and objectives covered by the CCSP exam to chapters and modules in a study guide. It outlines 5 domains: 1) cloud concepts, architecture and design; 2) cloud data security; 3) cloud platform and infrastructure security; 4) cloud application security; and 5) security operations. Each domain contains objectives that are mapped to specific chapters and modules to indicate where they are covered in the study material.

Uploaded by kalibearsec

CCSP Domain Chapter Mapping

Domain and Objectives Covered in


Domain 1: Cloud Concepts, Architecture and Design
1.1 Understand cloud computing concepts Chapter 1 Module 1
1.1.1 Cloud computing definitions Chapter 1 Module 1
1.1.2 Cloud computing roles and responsibilities Chapter 1 Modules 1 & 2
1.1.3 Key cloud computing characteristics Chapter 1 Module 1
1.1.4 Building block technologies Chapter 1 Module 1
1.2 Describe cloud reference architecture Chapter 1 Module 2
1.2.1 Cloud computing activities Chapter 1 Module 2
1.2.2 Cloud service capabilities Chapter 1 Module 2
1.2.3 Cloud service categories Chapter 1 Module 2
1.2.4 Cloud deployment models Chapter 1 Module 2
1.2.5 Cloud shared considerations Chapter 1 Module 2
1.2.6 Impact of related technologies Chapter 1 Module 2
1.3 Understand security concepts relevant to cloud computing Chapter 1 Module 3, Chapter 3 Module 8
1.3.1 Cryptography and key management Chapter 3 Module 2
1.3.2 Identity and access control Chapter 3 Module 8
1.3.3 Data and media sanitization Chapter 3 Module 7
1.3.4 Network security Chapter 3 Module 8
1.3.5 Virtualization security Chapter 3 Module 8, Chapter 4 Module 1
1.3.6 Common threats Chapter 1 Module 3
1.3.7 Security hygiene Chapter 1 Module 3
1.4 Understand design Principles of Secure Cloud Computing Chapter 1 Module 4
1.4.1 Cloud secure life cycle Chapter 3 Module 1
1.4.2 Business continuity (BC) and disaster recovery plan (DR) Chapter 4 Module 7
1.4.3 Business impact analysis (BIA) Chapter 1 Module 2
1.4.4 Functional security requirements Chapter 4 Module 2
1.4.5 Security considerations and responsibilities for different cloud categories Chapter 1 Module 4
1.4.6 Cloud design patterns Chapter 1 Module 4, Chapter 6 Module 1
1.4.7 DevOps security Chapter 5 Module 2
1.5 Evaluate cloud service providers Chapter 1 Module 5, Chapter 2 Module 4
1.5.1 Verification against criteria Chapter 1 Module 3, Chapter 3 Module 4
1.5.2 System/subsystem product certifications Chapter 1 Module 5, Chapter 2 Module 5, Chapter 3 Module 2
Domain 2: Cloud Data Security
2.1 Describe cloud data concepts Chapter 3 Module 1
2.1.1 Cloud data life cycle phases Chapter 3 Module 1
2.1.2 Data dispersion Chapter 3 Module 1
2.1.3 Data flows Chapter 3 Module 1
2.2 Design and implement cloud data storage architectures Chapter 3 Module 4
2.2.1 Storage types Chapter 3 Module 4
2.2.2 Threats to storage types Chapter 3 Module 4
2.3 Design and apply data security technologies and strategies Chapter 3 Module 6
2.3.1 Encryption and key management Chapter 3 Module 2
2.3.2 Hashing Chapter 3 Module 2
2.3.3 Data obfuscation Chapter 3 Module 6
2.3.4 Tokenization Chapter 3 Module 6
2.3.5 Data loss prevention Chapter 3 Module 6
2.3.6 Keys, secrets and certificates management Chapter 3 Module 2
2.4 Implement data discovery Chapter 3 Module 3
2.4.1 Structured data Chapter 3 Module 3
2.4.2 Unstructured data Chapter 3 Module 3
2.4.3 Semi-structured data Chapter 3 Module 3
2.4.4 Data location Chapter 3 Module 1
2.5 Plan and implement data classification Chapter 3 Module 3
2.5.1 Data classification policies Chapter 3 Module 3
2.5.2 Data mapping Chapter 3 Module 3
2.5.3 Data labeling Chapter 3 Module 3
2.6 Design and implement information rights management (IRM) Chapter 3 Module 5
2.6.1 Objectives Chapter 3 Module 5
2.6.2 Appropriate tools Chapter 3 Module 2
2.7 Plan and implement data retention, deletion and archiving policies Chapter 3 Module 7
2.7.1 Data retention policies Chapter 3 Module 7
2.7.2 Data deletion procedures and mechanisms Chapter 3 Module 7
2.7.3 Data archiving procedures and mechanisms Chapter 3 Module 7
2.7.4 Legal hold Chapter 2 Module 2
2.8 Design and implement auditability, traceability and accountability of data Chapter 6 Module 5
2.8.1 Definition of event sources and requirement of event attributes Chapter 6 Module 5
2.8.2 Logging, storage and analysis of data events Chapter 6 Module 5
2.8.3 Chain of custody and non-repudiation Chapter 2 Module 2
Domain 3: Cloud Platform and Infrastructure Security
3.1 Comprehend Cloud infrastructure and platform components Chapter 4 Module 1
3.1.1 Physical environment Chapter 4 Module 2
3.1.2 Network and communications Chapter 4 Module 1
3.1.3 Compute Chapter 4 Module 1
3.1.4 Virtualization Chapter 4 Module 1
3.1.5 Storage Chapter 4 Module 1
3.1.6 Management plane Chapter 4 Module 1
3.2 Design a secure data center Chapter 4 Module 2
3.2.1 Logical design Chapter 4 Module 2
3.2.2 Physical design Chapter 4 Module 2
3.2.3 Environmental design Chapter 4 Module 2
3.2.4 Design resilience Chapter 4 Module 2
3.3 Analyze risks associated with cloud infrastructure and platforms Chapter 4 Module 3
3.3.1 Risk assessment Chapter 4 Module 3
3.3.2 Cloud vulnerabilities, threats and attacks Chapter 4 Module 3
3.3.3 Risk mitigation strategies Chapter 4 Module 3
3.4 Plan and implementation of security controls Chapter 4 Module 4
3.4.1 Physical and environmental protection Chapter 4 Modules 2 & 4
3.4.2 System, storage and communication protection Chapter 4 Module 4
3.4.3 Identification, authentication and authorization in cloud environments Chapter 4 Module 4
3.4.4 Audit mechanisms Chapter 4 Module 4
3.5 Business continuity (BC) and disaster recovery (DR) Chapter 4 Module 7
3.5.1 Business continuity (BC) / disaster recovery strategy (DR) Chapter 4 Module 7
3.5.2 Business requirements Chapter 4 Module 7
3.5.3 Creation, implementation and testing of plan Chapter 4 Module 7
Domain 4: Cloud Application Security
4.1 Advocate training and awareness for application security Chapter 5 Module 1
4.1.1 Cloud development basics Chapter 5 Module 1
4.1.2 Common pitfalls Chapter 5 Module 1
4.1.3 Common cloud vulnerabilities Chapter 5 Module 1
4.2 Describe the secure software development life cycle (SDLC) process Chapter 5 Module 2
4.2.1 Business requirements Chapter 5 Module 2
4.2.2 Phases and methodologies Chapter 5 Module 2
4.3 Apply the Secure Software Development Life Cycle (SDLC) Chapter 5 Module 3
4.3.1 Cloud-specific risks Chapter 5 Module 1
4.3.2 Threat modeling Chapter 5 Module 3
4.3.3 Avoid common vulnerabilities during development Chapter 5 Module 3
4.3.4 Secure coding Chapter 5 Module 3
4.3.5 Software configuration management and versioning Chapter 5 Module 3
4.4 Apply cloud software assurance and validation Chapter 5 Module 4
4.4.1 Functional and non-functional testing Chapter 5 Module 4
4.4.2 Security testing methodologies Chapter 5 Module 4
4.4.3 Quality assurance (QA) Chapter 5 Module 4
4.4.4 Abuse case testing Chapter 5 Module 4
4.5 Use verified secure software Chapter 5 Module 5
4.5.1 Securing application programming interfaces (API) Chapter 5 Module 5
4.5.2 Supply chain management Chapter 2 Module 6, Chapter 5 Module 5
4.5.3 Third-party software management Chapter 5 Module 5
4.5.4 Validated open-source software Chapter 5 Module 5
4.6 Comprehend the specifics of cloud application architecture Chapter 5 Module 6
4.6.1 Supplemental security components Chapter 5 Module 5
4.6.2 Cryptography Chapter 3 Module 2
4.6.3 Sandboxing Chapter 5 Module 6
4.6.4 Application virtualization and orchestration Chapter 5 Module 6
4.7 Design appropriate Identity and access management (IAM) solutions Chapter 4 Module 6
4.7.1 Federated identity Chapter 4 Module 6
4.7.2 Identity providers (IdP) Chapter 4 Module 6
4.7.3 Single sign-on (SSO) Chapter 4 Module 6
4.7.4 Multi-factor authentication (MFA) Chapter 4 Module 6
4.7.5 Cloud access security broker (CASB) Chapter 4 Module 6
4.7.6 Secrets management Chapter 4 Module 6
Domain 5: Cloud Security Operations
5.1 Build and implement physical and logical infrastructure for cloud environment Chapter 4 Module 5
5.1.1 Hardware-specific security configuration requirements Chapter 3 Module 2, Chapter 4 Module 5
5.1.2 Installation and configuration of management plane tools Chapter 4 Module 5
5.1.3 Virtual hardware specific security configuration requirements Chapter 4 Modules 1 & 5
5.1.4 Installation of guest operating system (OS) virtualization toolsets Chapter 4 Module 5
5.2 Operate and maintain physical and logical infrastructure for cloud environment Chapter 6 Module 1
5.2.1 Access controls for local and remote access Chapter 6 Module 1
5.2.2 Secure network configuration Chapter 6 Module 1
5.2.3 Network security controls Chapter 4 Module 5, Chapter 6 Module 1
5.2.4 Operating system (OS) hardening through the application of baselines, monitoring and remediation Chapter 6 Module 1
5.2.5 Patch management Chapter 6 Module 2
5.2.6 Infrastructure as Code (IaC) strategy Chapter 4 Module 5
5.2.7 Availability of clustered hosts Chapter 6 Module 1
5.2.8 Availability of guest operating system (OS) Chapter 6 Module 1
5.2.9 Performance and capacity monitoring Chapter 6 Module 1
5.2.10 Hardware monitoring Chapter 6 Module 1
5.2.11 Configuration of host and guest operating system (OS) backup and restore functions Chapter 6 Module 1
5.2.12 Management plane Chapter 1 Module 1, Chapter 4 Modules 1 & 5
5.3 Implement operational controls and standards Chapter 6 Module 2
5.3.1 Change management Chapter 6 Module 2
5.3.2 Continuity management Chapter 6 Module 2
5.3.3 Information security management Chapter 6 Module 2
5.3.4 Continual service improvement management Chapter 6 Module 2
5.3.5 Incident management Chapter 6 Module 2
5.3.6 Problem management Chapter 6 Module 2
5.3.7 Release management Chapter 6 Module 2
5.3.8 Deployment management Chapter 6 Module 2
5.3.9 Configuration management Chapter 6 Module 2
5.3.10 Service level management Chapter 6 Module 2
5.3.11 Availability management Chapter 6 Module 2
5.3.12 Capacity management Chapter 6 Module 2
5.4 Support digital forensics Chapter 2 Module 2, Chapter 6 Module 3
5.4.1 Forensic data collection methodologies Chapter 2 Module 2
5.4.2 Evidence management Chapter 2 Module 2, Chapter 6 Module 3
5.4.3 Collect, acquire and preserve digital evidence Chapter 2 Module 2, Chapter 6 Module 3
5.5 Manage communication with relevant parties Chapter 2 Module 2, Chapter 6 Module 4
5.5.1 Vendors Chapter 6 Module 4
5.5.2 Customers Chapter 6 Module 4
5.5.3 Partners Chapter 6 Module 4
5.5.4 Regulators Chapter 6 Module 4
5.5.5 Other stakeholders Chapter 6 Module 4
5.6 Manage security operations Chapter 6 Module 6
5.6.1 Security operations center (SOC) Chapter 6 Module 6
5.6.2 Intelligent monitoring of security controls Chapter 4 Module 5, Chapter 6 Module 1, Chapter 6 Module 6
5.6.3 Log capture and analysis Chapter 6 Module 6
5.6.4 Incident management Chapter 6 Module 2
5.6.5 Vulnerability assessments Chapter 5 Module 4
Domain 6: Legal, Risk and Compliance
6.1 Legal requirements and unique risks in cloud environment Chapter 2 Module 1
6.1.1 Conflicting international legislation Chapter 2 Module 1
6.1.2 Evaluation of legal risks specific to cloud computing Chapter 2 Module 1
6.1.3 Legal framework and guidelines Chapter 2 Module 1
6.1.4 E-discovery Chapter 2 Module 2
6.1.5 Forensics requirements Chapter 2 Module 2
6.2 Understand privacy issues Chapter 2 Module 3
6.2.1 Difference between contractual and regulated private data Chapter 2 Module 3
6.2.2 Country-specific legislation related to private data Chapter 2 Module 3
6.2.3 Jurisdictional differences in data privacy Chapter 2 Module 3
6.2.4 Standard privacy requirement Chapter 2 Module 3
6.2.5 Privacy impact assessments (PIA) Chapter 2 Module 3
6.3 Understand audit process, methodologies, and required adaptations for a cloud environment Chapter 2 Modules 3 & 4
6.3.1 Internal and external audit controls Chapter 2 Module 4
6.3.2 Impact of audit requirements Chapter 2 Module 4
6.3.3 Identify assurance challenges of virtualization and cloud Chapter 6 Module 2
6.3.4 Types of audit reports Chapter 2 Module 4
6.3.5 Restrictions of audit scope statements Chapter 2 Module 4
6.3.6 Gap analysis Chapter 2 Module 4
6.3.7 Audit planning Chapter 2 Module 4
6.3.8 Internal information security management system Chapter 2 Module 4
6.3.9 Internal information security controls system Chapter 2 Module 4
6.3.10 Policies Chapter 2 Module 4
6.3.11 Identification and involvement of relevant stakeholders Chapter 2 Module 4
6.3.12 Specialized compliance requirements for highly regulated industries Chapter 2 Modules 3 & 4
6.3.13 Impact of distributed information technology (IT) model Chapter 2 Modules 3 & 4
6.4 Implications of cloud to enterprise risk management Chapter 2 Module 5
6.4.1 Assess provider’s risk management program Chapter 2 Module 5
6.4.2 Difference between Data owner/controller vs. data custodian/processor Chapter 2 Module 5
6.4.3 Regulatory transparency requirements Chapter 2 Module 5
6.4.4 Risk treatment Chapter 2 Module 5
6.4.5 Different risk frameworks Chapter 2 Module 5
6.4.6 Metrics for risk management Chapter 2 Module 5
6.4.7 Assessment of risk environment Chapter 2 Module 5
6.5 Understand outsourcing and cloud contract design Chapter 2 Module 6
6.5.1 Business requirements Chapter 1 Module 5, Chapter 2 Module 6
6.5.2 Vendor management Chapter 2 Module 6
6.5.3 Contract management Chapter 2 Module 6
6.5.4 Supply-chain management Chapter 2 Module 6
