Depending on your scope, you can also look at some of the CIS benchmarks that are specific to cloud providers.
In general, however, you would first need some basic threat model. This will allow you to validate if you have enough controls.
If there are no threats, you don't need controls :-)
------------------------------
Peter HJ van Eijk
CCSK & CCAK trainer
https://www.clubcloudcomputing.com/------------------------------
Original Message:
Sent: Jun 04, 2021 03:53:17 AM
From: ANIL KUMAR K
Subject: Cloud Security Assessment Checklist
Hi All.
Looking for sample operational security assessment checklist. The CCM is huge and I am looking something simple one.
Thanks