Download Free Due Diligence Checklist Templates

A- Identification of the Company
1. Corporate name
2. Address
3. Mailing address
4. Main telephone number
5. Main telecopier number
6. Main e-mail address
7. Other (specify):

B- Identification of the Authorized Representative
8. Salutation (Mr., Ms.)
9. Representative's first name
10. Initial(s)
11. Representative's family name
12. Position held
13. Telephone number (direct line)
14. Telephone number (general)
15. Mobile telephone number
16. Pager number
17. Telecopier number
18. E-mail address (office)
19. Telephone number (residence)
20. E-mail address (residence)
21. Other (specify):

The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need for a centralization of effort in defining a central configuration for all desktops contained within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.

This configuration would additionally provide a standardized starting point for external vendors, easing their process with developing solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross platform vulnerability management protocol that enables outside vendors to validate their productsf functionality with FDCC desktops as well as other regulations required by government systems.

Download Free Cloud Computing IT Security Control Objectives

Asset management, access control

Data protection/segregation/encryption
To provide logical segregation of CSP customers’ data
To enable customer classification of sensitive data
To enable protection of data commensurate with risk and defined information classifications

Information systems acquisition, development, and maintenance

Encryption standards
To enable encryption of sensitive data using consistent mechanisms
To enable access to current and archived data regardless of which keys were used for encryption

Communications and operations management

WebTrust is AICPA/CICA audit framework, intended to focus on e-commerce services.often where there is a direct interaction with individual end users. WebTrust utilizes the same criteria as SysTrust (the Trust Services Security, Availability, Confidentiality and Processing Integrity principles and criteria). It can also include privacy criteria (based on the Generally Accepted Privacy Principles) where the service provider is interacting with and collecting personal information from individual end users in accordance with a Privacy Policy.. WebTrust results in an audit report indicating whether the specific criteria were met.

WebTrust topics covered by generally accepted privacy principles:
- Management
- Notice
- Choice and consent
- Collection

Download Free IT Risk Analysis Templates

Risk 1: Data corruption through loss or alteration of data without the application’s knowledge and consent
Source:
1. Faulty hardware (bit loss or incorrect ordering)
2. Software bugs (unexpected conditions reached and responded to incorrectly)
3. User or IT administrator error (accidental file deletion)

Risk 2: Downtime and/or data corruption through application errors