===== SaaS Application Controls =====

==== Control Satisfaction Matrix ====

^ Framework Standard ^ Category ^ Controls Satisfied ^ 800-53r4 Controls ^ ISO/IEC 27001 ^ Audit Controls ^
| DLZP Internal | None | None | None | None | None |

=== Major Document History ===

^ Date ^ Comment ^ Who ^
| 8/16/2019 | Added SaaS Matrix, Quarterly Rpt Matrix | Tharp |
| 8/19/2019 | Updated Quarterly Rpt Matrix | Tharp |
| 8/29/2019 | Copied Content for IS-1 SOC Submission | Tharp |
| 10/6/2021 | Policies Reviewed for Audit | Tharp |

----

===== SaaS Compliance Mapping Matrix =====

**A-lign Ref: IS-36, IS-37, IS-38, IS-39, IS-40, IS-41, IS-42, IS-43, IS-44, IS-45, IS-46, IS-47, COB-1, COB-2, COB-3, COB-4, COB-5, COB-6, COB-7, COB-8**

^ Application ^ Business Use ^ App Type ^ App Owner ^ Recovery Capability ^ Admin Rights ^ User Rights ^ Password (Req) ^ Auth Settings (Std; MFA; Other) ^ Lockout Policy ^ Logging Policy ^ Alert of Suspicious Activity ^ Access Review by Mgt. ^ Logs (Network; O/S; DB; App; VPN)? Review by Management? ^ Backup Policy and Procedures ^ Backup Encryption ^ Backup Restore Approval ^ Disaster Recovery ^ Updates/Patches (O/S; Security; Bugs) ^
| AWS Command Line | Manage Cloud Infrastructure | Cloud Service Provider | Dave Brunet | Alternate Region | Account Admin | IAM Role | Complex - Configurable | MFA - Available | N/A | CloudWatch | Available | Yes | Ad-hoc | N/A | N/A | N/A | N/A | N/A |
| AWS Console | Manage Cloud Infrastructure | Cloud Service Provider | Dave Brunet | Alternate Region | Account Admin | IAM Role | Complex - Configurable | MFA - Available | N/A | CloudWatch | Available | Yes | Ad-hoc | N/A | N/A | N/A | N/A | N/A |
| AWS Object Storage S3 | Cloud Object Storage | Cloud Service Provider | Dave Brunet | Alternate Region | Account Admin | IAM Role | Complex - Configurable | MFA - Available | N/A | CloudWatch | Available | Yes | Ad-hoc | N/A | N/A | N/A | N/A | N/A |
| DLZP Wiki | Internal Policies and Operations Data | SaaS | Dave Brunet | AutoRestore with 15 Min of Data Loss Potential | Account Admin | Wiki ACL | Complex - Configurable | Standard | No | CloudWatch | Yes | Yes | Yes | Every 4 hours | Yes | Yes | Auto Recover < 15 Data Loss | Yes |
| DropBox | Business File Sharing | SaaS | Lisa Brunet | Inherited from provider | Account Admin | Role Based | Complex - Configurable | MFA - Available | Not Published | Inherited from provider | Inherited from provider | Yes | Yes | Inherited - Default 120 Days | Inherited | N/A | N/A | N/A |
| Email | Amazon WorkMail | SaaS | Dave Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | Screen Lock - Enabled - Mobile Email - Encryption Required | 10 Attempts | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| Google Apps | Interactive File Sharing | SaaS | Dave Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | MFA - Available | 4 Login Attempts | Inherited from provider | Inherited from provider | Yes | Ad-hoc | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| Instant Messaging Apps | (Google Hangouts; Slack; SMS Text) | SaaS | Dave Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | Various | Inherited from provider | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| PriTunl VPN | Systems Admin SoftVPN | COTS | Dave Brunet | Autorestore with no Data Loss | Account Admin | User Access | N/A | MFA - Enabled | 3 Login Attempts | CloudWatch | No | Yes | Ad-hoc | Daily | Yes | Yes | N/A | Yes |
| Trend Micro | Workstation Intrusion Detection | SaaS | Lisa Brunet | Inherited from provider | Account Admin | No Access | N/A | N/A | Inherited from provider | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | Yes |
| Voice | Phone - Cellular | SaaS | Lisa Brunet | Inherited from provider | Account Admin | User Access | PIN | Screen Lock - Enabled - Encryption Required | Inherited from provider | Inherited from provider | No | Yes | Phone Bill | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| Zoho CRM | Sales Client Activity | SaaS | Lisa Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | MFA - Enabled | Inherited from provider | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| Zoho Project | Project Management; Change Management; Issue Management (client tickets) | SaaS | Lisa Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | MFA - Available | Inherited from provider | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | N/A |
| Zoom | Teleconferencing | SaaS | Lisa Brunet | Inherited from provider | Account Admin | User Access | Complex - Configurable | MFA - Available | Inherited from provider | Inherited from provider | Inherited from provider | Yes | No | Inherited from provider | Inherited from provider | N/A | N/A | N/A |

----

==== SaaS Quarterly Reports Matrix ====

^ QTR Reports ^ App Admin Rpt/Task ^ App User Rpt/Task ^ Log Review Rpt/Task ^ VPN Access Logs/Task ^ Antivirus Settings Rpt/Task ^ Updates-Patches/Task ^ Code Changes/Task ^
| AWS Command Line | Yes/M5-T36 | Yes/M5-T36 | Yes/M5-T36 | No | No | No | No |
| AWS Console | Yes/M5-T36 | Yes/M5-T36 | Yes/M5-T36 | No | No | No | No |
| AWS Object Storage S3 | Yes/M5-T36 | Yes/M5-T36 | Yes/M5-T36 | No | No | No | No |
| DLZP Wiki | Yes/M5-T30 | Yes/M5-T30 | Yes/M5-T30 | No | No | Yes | Yes/M5-T30 |
| DropBox | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | No | No | No |
| Email | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | No | No | No |
| Google Docs | Yes/M5-T38 | Yes/M5-T38 | Yes/M5-T38 | No | No | No | No |
| Instant Messaging Apps | N/A | N/A | N/A | No | No | No | No |
| PriTunl VPN | Yes/M5-T27 | Yes/M5-T27 | Yes/M5-T27 | Yes/M5-T27 | No | Yes | No |
| Trend Micro | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | Yes/M5-T37 | Yes | No |
| Voice | N/A | N/A | N/A | No | No | No | No |
| Zoho CRM | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | No | No | No |
| Zoho Project | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | No | No | No |
| Zoom | Yes/M5-T37 | Yes/M5-T37 | Yes/M5-T37 | No | No | No | No |