This EU regulation governs personal data processing and cross-border transfers and requires breach reporting within 72 hours.
What is the General Data Protection Regulation (GDPR)?
This Japanese law restricts third-party transfers and mandates protection of personal information.
What is the Act on the Protection of Personal Information (APPI)?
International standard for security controls in cloud services.
What is ISO/IEC 27017?
XML-based standard used to exchange authentication and authorization info between identity and service providers.
What is Security Assertion Markup Language (SAML) 2.0?
International IT governance and management framework used by many organizations alongside ISO standards. HINT: ISACA
What is COBIT (Control Objectives for Information and Related Technologies)?
This EU directive sets security and incident-handling requirements for essential service providers and digital services like cloud.
What is the Network and Information Systems (NIS) Directive?
This Australian law imposes 13 Privacy Principles and breach notifications even for CSPs abroad.
What is the Australian Privacy Act?
International standard for protecting PII in public clouds.
What is ISO/IEC 27018?
Standard packaging format enabling portability of virtual appliances between cloud environments.
What is Open Virtualization Format (OVF)?
Best practice library for IT service management adopted globally, including data centers.
What is ITIL (Information Technology Infrastructure Library)?
This transatlantic framework, invalidated by the Court of Justice of the EU in 2020 and replaced by a new framework in 2023, governs data transfers from the EU to the U.S.
What is the EU–U.S. Privacy Shield (and its successor, the EU–U.S. Data Privacy Framework)?
This Chinese law governs critical information infrastructure operators and requires data localization plus security review for outbound transfers.
What is the China Cybersecurity Law (CSL)?
Cloud security capabilities, roles, and threat model standard from the ITU.
What is ITU-T X.1601?
ITU-T Recommendation X.1601, titled “Security framework for cloud computing”, defines a high-level security framework for cloud services. It is not a law but an international standard.
Open API specification for managing cloud computing resources such as compute and storage.
What is Open Cloud Computing Interface (OCCI)?
Voluntary U.S.-origin cybersecurity framework now adopted internationally.
What is the NIST Cybersecurity Framework (CSF)?
This EU privacy law governs electronic communications and cookies and is expected to be replaced by a Regulation soon.
What is the ePrivacy Directive?
This Russian law requires personal data of citizens to be stored within Russia.
What is the Russian Data Localization Law?
Cloud security framework mapping controls to regulations; often paired with STAR Registry.
What is the CSA Cloud Controls Matrix (CCM)?
RESTful interface for creating, retrieving, updating, and deleting data elements in cloud storage.
What is Cloud Data Management Interface (CDMI)?
European standards coordination initiative for cloud computing.
What is ETSI Cloud Standards Coordination (CSC)?
OECD’s founding document for privacy principles used globally, including collection limitation and security safeguards.
What are the OECD Privacy Guidelines?
This APEC initiative promotes cross-border privacy rules among Asia-Pacific economies.
What is the APEC Privacy Framework?
Public registry of cloud provider security assessments maintained by CSA.
What is the Security, Trust, Assurance, and Risk (STAR) Registry?
Open specification for orchestrating complex cloud applications and topologies published by OASIS.
What is TOSCA (Topology and Orchestration Specification for Cloud Applications)?
Global certification program for cloud professionals focusing on knowledge of cloud security best practices.
What is the Certificate of Cloud Security Knowledge (CCSK)?