1 Scope
2 Normative references
3 Definitions and abbreviations
4 Cloud sector-specific concepts
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity
management
18 Compliance
Annex A - Cloud service extended control set
Annex B - References on information security risk related to
cloud computing
Bibliography