corpgov:saasapp []

SaaS Application Controls

Control Satisfaction Matrix

Framework Standard	Category	Controls Satisfied	800-53r4 Controls	ISO/SEC 27001	Audit Controls
DLZP Internal	None	None	None	None	None

Major Document History

Date	Comment	Who
8/16/2019	Added SaaS Matrix, Quarterly Rpt Matrix	Tharp
8/19/2019	Updated Quarterly Rpt Matrix	Tharp
8/29/2019	Copied Content For IS-1 SOC submission	Tharp
10/6/2021	Policy's Reviewed for Audit	Tharp

SaaS Compliance Mapping Matrix

A-lign Ref: IS-36, IS-37, IS-38, IS-39, IS-40, IS-41, IS-42, IS-43, IS-44, IS-45, IS-46, IS-47, COB-1, COB-2, COB-3, COB-4, COB-5, COB-6, COB-7, COB-8

Application	Business Use	App Type	App Owner	Recovery Capability	Admin Rights	User Rights	PassWord (Req)	Auth Settings (Std; MFA; Other)	Lockout Policy	Logging Policy	Alert of suspicious activity	Access review by Mgt.	Logs (Network; O/S; DB; App; VPN)? Review by management?	Backup policy and procedures	Backup encryption	Backup Restore Approval	Disater Recovery	Updates/Patches (O/S; Security; Bugs)
AWS Command Line	Manage Cloud Infrastructure	Cloud Service Provider	Dave Brunet	Alternate Region	Account Admin	IAM Role	Complex - Configurable	MFA - Available	N/A	CloudWatch	Available	Yes	Ad-hoc	N/A	N/A	N/A	N/A	N/A
AWS Console	Manage Cloud Infrastructure	Cloud Service Provider	Dave Brunet	Alternate Region	Account Admin	IAM Role	Complex - Configurable	MFA - Available	N/A	CloudWatch	Available	Yes	Ad-hoc	N/A	N/A	N/A	N/A	N/A
AWS Object Storage S3	Cloud Object Storage	Cloud Service Provider	Dave Brunet	Alternate Region	Account Admin	IAM Role	Complex - Configurable	MFA - Available	N/A	CloudWatch	Available	Yes	Ad-hoc	N/A	N/A	N/A	N/A	N/A
DLZP Wiki	Internal Policies and Operations Data	SaaS	Dave Brunet	AutoRestore with 15 Min of Data Loss Potential	Account Admin	Wiki ACL	Complex - Configurable	Standard	No	CloudWatch	Yes	Yes	Yes	Every 4 hours	Yes	Yes	Auto Recover < 15 Data Loss	Yes
DropBox	Business File Sharing	SaaS	Lisa Brunet	Inherited from provider	Account Admin	Role Based	Complex - Configurable	MFA - Available	Not Published	Inherited from provider	Inherited from provider	Yes	Yes	Inherited - Default 120 Days	Inherited	N/A	N/A	N/A
Email	Amazon WorkMail	SaaS	Dave Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	Screen Lock - Enabled - Mobile Email - Encryption Required	10 Attempts	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	N/A
Google Apps	Interative File Sharing	SaaS	Dave Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	MFA - Available	4 Login Attempts	Inherited from provider	Inherited from provider	Yes	Ad-hoc	Inherited from provider	Inherited from provider	N/A	N/A	N/A
Instant Messaging Apps	(Google Hangouts; Slack; SMS Text)	SaaS	Dave Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	Various	Inherited from provider	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	N/A
PriTunl VPN	Systems Admin SoftVPN	COTS	Dave Brunet	Autorestore with no Data Loss	Account Admin	User Access	N/A	MFA - Enabled	3 Login attempts	CloudWatch	No	Yes	Ad-hoc	Daily	Yes	Yes	N/A	Yes
Trend Micro	Workstation Intrusion Detection	SaaS	Lisa Brunet	Inherited from provider	Account Admin	No Access	N/A	N/A	Inherited from provider	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	Yes
Voice	Phone - Cellular	SaaS	Lisa Brunet	Inherited from provider	Account Admin	User Access	PIN	Screen Lock - Enabled - Encryption Required	Inherited from provider	Inherited from provider	No	Yes	Phone Bill	Inherited from provider	Inherited from provider	N/A	N/A	N/A
Zoho CRM	Sales Client Activity	SaaS	Lisa Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	MFA - Enabled	Inherited from provider	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	N/A
Zoho Project	Project Management; Change Management; Issue Management (client tickets)	SaaS	Lisa Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	MFA - Available	Inherited from provider	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	N/A
Zoom	Teleconferencing	SaaS	Lisa Brunet	Inherited from provider	Account Admin	User Access	Complex - Configurable	MFA - Available	Inherited from provider	Inherited from provider	Inherited from provider	Yes	No	Inherited from provider	Inherited from provider	N/A	N/A	N/A

SaaS Quarterly Reports Matrix

QTR Reports	App Admin Rpt/Task	App User Rpt/Task	Log Review RPT/Task	VPN Access Logs/Task	Antivirus Settings RPT/Task	Updates-Patches/Task	Code Changes/Task
AWS Command Line	Yes/M5-T36	Yes/M5-T36	Yes/M5-T36	No	No	No	No
AWS Console	Yes/M5-T36	Yes/M5-T36	Yes/M5-T36	No	No	No	No
AWS Object Storage S3	Yes/M5-T36	Yes/M5-T36	Yes/M5-T36	No	No	No	No
DLZP Wiki	Yes/M5-T30	Yes/M5-T30	Yes/M5-T30	No	No	Yes	Yes/M5-T30
DropBox	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	No	No	No
Email	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	No	No	No
Google Docs	Yes/M5-T38	Yes/M5-T38	Yes/M5-T38	No	No	No	No
Instant Messaging Apps	N/A	N/A	N/A	No	No	No	No
PriTunl VPN	Yes/M5-T27	Yes/M5-T27	Yes/M5-T27	Yes/M5-T27	No	Yes	No
Trend Micro	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	Yes/M5-T37	Yes	No
Voice	N/A	N/A	N/A	No	No	No	No
Zoho CRM	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	No	No	No
Zoho Project	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	No	No	No
Zoom	Yes/M5-T37	Yes/M5-T37	Yes/M5-T37	No	No	No	No

Sidebar

Org. Governance

Governance

HR Personnel Policies

Functional/Technical Policies

Internal Processes

Table of Contents

SaaS Application Controls

Control Satisfaction Matrix

Major Document History

SaaS Compliance Mapping Matrix

SaaS Quarterly Reports Matrix

User Tools

Site Tools

Sidebar

Org. Governance

Governance

HR Personnel Policies

Functional/Technical Policies

Internal Processes

Table of Contents

SaaS Application Controls

Control Satisfaction Matrix

Major Document History

SaaS Compliance Mapping Matrix

SaaS Quarterly Reports Matrix

Page Tools