Policy 560: Cloud Storage Services defines the requirements for a cloud storage service to be used by state entities and establishes safeguards for the use of cloud storage services for state data. This policy takes measures to help prevent data breach and unintended disclosure of sensitive state information while stored, shared, or transmitted in a cloud storage service by leveraging data loss prevention (DLP) capabilities. This policy applies only to the file storage technologies of the Software as a Service (SaaS) cloud computing model as defined by NIST; such as cloud email, cloud file storage, and web-based cloud collaborative services. It does not apply to the Infrastructure as or a Service (IaaS) of the Platform as a Service (PaaS) cloud computing models.
Standard 560S1: Data Loss Prevention for Cloud Services supports implementation of Policy 560 by defining requirements and configuration of DLP solutions for cloud storage services. The intended audience for this standard are the administrators of cloud storage services.
Standard 560S2: System Security Standards for Office 365 defines minimum security configuration requirements for Exchange Online, OneDrive, and SharePoint. The intended audience for this standard are the administrators of those respective cloud storage products.
Standard 560S3: End-User Security Standards for Office 365 defines minimum security requirements for end-user operation of Exchange Online, OneDrive, and SharePoint. The intended audience for this standard are the end-users of those respective cloud storage products.
Policy 560 replaces OIT Policy 340: Cloud-Based File Storage and Sharing Policy
Risks addressed in this document set include:
- Breach or unintended disclosure of confidential state data
- Damage to public image
View or Download: