The document discusses 14 domains related to security guidance for critical areas of focus in cloud computing. The domains include legal issues, contracts, electronic discovery, governance, risk management, infrastructure security, incident response, management and business continuity, information governance, cloud concepts and architectures, virtualization and containers, application security, data security and encryption, identity and access management, security as a service, and related technologies. The document also notes that the CSA uses the NIST 800-145 model for defining cloud computing and endorses the more in-depth ISO/IEC 17788 reference model.

1. Domain 3
Legal Issues, Contracts and Electronic Discovery
Domain 4
Compliance and Audit Management
Domain 2
Governance and Enterprise Risk Management
Domain 7
Infrastructure Security
Security Guidance for Critical Areas of Focus in Cloud Computing
The (CSA) uses the NIST 800-145 model for cloud computing as its standard for defining cloud computing.
The CSA also endorses the ISO/IEC 17788 model which is more in-depth, and additionally serves as a reference model.
Authored by; Jason P. Rusch - CISSP CGEIT CISM CISA GNSA | www.infosec-rusch.com | jason@infosec-rusch.com
Critical Areas of Focus in Cloud Computing v4.0
Domain 9
Incident Response
Domain 6
Management Plane and Business Continuity
Domain 5
Information Governance
Domain 1
Cloud Computing Concepts and Architectures
Domain 8
Virtualization and Containers
Domain 10
Application Security
Domain 11
Data Security and Encryption
Domain 12
Identity, Entitlement, and Access Management
Domain 13
Security as a Service
Domain 14
Related Technologies
Cloud Governance Incident Security LegalCompliance