Area Downloads

`

1. CSA Italy

2. CSA Global

3. AGID

4. Governo Italiano

5. Norme ISO/IEC

6. ENISA

7. UNIONE EUROPEA

8. ETSI

9. GARANTE PRIVACY

10. US DoD (DISA)

CSA Italy

• Statuto,pdf,vedi
• CSA Chapter Code of Ethics, vedi
• Informativa Privacy, vedi
• Informativa Privacy per i Sondaggi, vedi
• Informativa Cookie, vedi
• Regolamento Comitato Scientifico, vedi
• Manifesto CISO Cloud, pdf, vedi
• Traduzione in italiano della “Cloud Security Guidance Ver. 2.1” (2011), vedi
• Documento di ricerca 2012 “Portabilità Interoperabilità Sicurezza Applicativa”, vedi
• Ebook Ricerca 2012 “Portabilità Interoperabilità Sicurezza Applicativa”, vedi
• Documento di Ricerca 2012 Studio “Standard Contrattuali per il Cloud Computing”, ITA, vedi
• Documento di Ricerca 2012 Studio “Standard Contrattuali per il Cloud Computing”, ENG, vedi
• Traduzione in italiano del documento ENISA “Cloud Computing Benefits Risks and Recommandations for Information Security” (2012), vedi
• Traduzione in Inglese del Rapporto Clusit “ICT Security in Italy 2013”, ENG, vedi
• Documento di Ricerca 2013 “Data Breach: panoramica degli aspetti normativi ed ottica Cloud”, vedi
• Documento di Ricerca 2013 “BYOD: a next step forward for the IT revolution started with Cloud”, ENG, vedi
• Documento di Ricerca 2014 “Responsabilità degli enti per i delitti informatici e trattamento illecito di dati in contesto Cloud Services”, IT, vedi
• Documento di Ricerca 2014 “CSA CCM v3.0 con SEZIONE Legge 231”, ENG, vedi
• Documento di Ricerca 2015 “Servizi di pagamento via internet: il contesto normativo italiano per gli aspetti di sicurezza dei dati ed ipotesi di mapping rispetto ai controlli CSA CCM”, IT, vedi
• Documento di Ricerca 2020 – “Principi di sicurezza applicabili ai Cloud Computing Services: GDPR, Direttiva NIS e PSD2 a confronto”, vedi

CSA Global

• Tutte le Ricerche CSA (+250 pubblicazioni),pdf, vedi
• WEBINAR (Brightalk),streaming, vedi

AGID (Agenzia per l’Italia Digitale)

• Il Modello Cloud della Pubblica Amministrazione (2019-2021)
• Il Cloud Marketplace della Pubblica Amministrazione
• Raccomandazioni e proposte sull’utilizzo del cloud computing nella Pubblica Amministrazione (2012), pdf, Download
• Strategia per la crescita digitale 2014-2020, pdf, Download
• Strategia per la banda ultralarga e crescita digitale, pdf, Download

Governo Italiano

• LEGGE 18 novembre 2019, n. 133 perimetro nazionale di sicurezza cibernetica

Norme ISO/IEC

• Information technology — Security techniques — Information security management systems — Requirements, html, ISO/IEC 27001
• Information technology — Security techniques — Code of practice for information security controls, html, ISO/IEC 27002
• ISO/IEC 27018:2019 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
• ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
• Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, html, ISO/IEC 27018
• Information technology — Security techniques — Information security in supplier relationships — Part 1: Overview and concepts, html,ISO/IEC 27036-1
• Information technology — Security techniques — Information security in supplier relationships — Part 2: Requirements,html, ISO/IEC 27036-2
• Information technology — Security techniques — Information security in supplier relationships — Part 3: Guidelines for information and communication technology supply chain security,html,ISO/IEC 27036-3
• Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services, html, ISO/IEC 27036-4

ENISA

• 2021 – Cloud Certification Scheme: Building Trusted Cloud Services Across Europe

• Cloud Security Guidance for SMEs (2015), pdf, Download
• Cloud computing risk assessment (2009), pdf, Download
  Assurance framework for cloud computing (2009),pdf,Download
• Critical Cloud Computing-A CIIP perspective on cloud computing services (2013), pdf, Download
• Procure Secure: A guide to monitoring of security service levels in cloud contracts (2012), pdf, Download
• Incident Reporting for Cloud Computing (2013), pdf, Download
• Survey and analysis of security parameters in cloud SLAs across the European public sector (2011), pdf, Download
• Security and Resilience in Governemental Clouds (2011), pdf, Download
• Good practice guide for Governmental clouds (2013), pdf, Download
• Security framework for Governmental Clouds (2014), pdf, Download
• Cloud Computing Certification (2015), pdf, Download

UNIONE EUROPEA

• REGOLAMENTO (UE) 2019/881 DEL PARLAMENTO EUROPEO E DEL CONSIGLIO del 17 aprile 2019 relativo all’ENISA, l’Agenzia dell’Unione europea per la cibersicurezza, e alla certificazione della cibersicurezza per le tecnologie dell’informazione e della comunicazione, e che abroga il regolamento (UE) n. 526/2013 («regolamento sulla cibersicurezza»)
• EU Cloud Strategy (2012), pdf, Download
• Unleashing the Potential of Cloud Computing in Europe (2012), pdf, Download
• Trusted Cloud Europe (2014), pdf, Download
• Sfruttare il potenziale del cloud computing in Europa (2012), pdf, Download

ETSI

• Cloud Computing Standards (2013), pdf, Download

Garante per la protezione dei dati personali

• GDPR – Testo del Regolamento UE 2016/679 (19.9.2018) 
• CLOUD COMPUTING – Proteggere i dati per non cadere dalle nuvole (2012), pdf, Download
• Working Party 196 Parere 05/2012 sul cloud computing (2012), pdf, Download
• Parere del Garante sullo schema di ‘Linee-guida per il Disaster Recovery delle pubbliche amministrazioni’ – 4 luglio 2013, pdf, Download
• Resolution on Cloud Computing – 34th International Conference of Data Protection and Privacy (2012), pdf, Download

DISA (Defence Information Systems Agency – USA)

• DoD Instruction 8500.01 Cybersecurity
• Chairman of the Joint Chiefs of Staff Manual 6510.01B Cyber Incident Handling Program
• Executive Order 13526 Classified National Security Information
• DoD Cloud Computing Security Requirements Guide (SRG)
• Security Technical Implementation Guide (STIG)
• Official DoD Issuances/Instructions
• Federal Risk and Authorization Management Program (FedRAMP)
• NIST Special Publications
• CNSSI 1253: Security Categorization and Controls Selection for National Security Systems
• CNSSI 4009: National Information Assurance (IA) Glossary
• NIST SP 800-37 Revision 1: Guide for Applying the Risk Management Framework to Federal Information Systems
• NIST SP 800-59: Guideline for Identifying an Information System as a National Security System
• NIST SP 800-66 Revision 1: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
• NIST SP 800-88 Revision 1: Guidelines for Media Sanitization
• NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
• NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
• NIST SP 800-145: Definition of Cloud Computing
• NIST SP 800-146: Cloud Computing Synopsis & Recommendations
• NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
• NIST SP 500-292: Cloud Computing Reference Architecture
• CIO Council & Chief Acquisition Officers Council: Creating Effective Cloud Computing Contracts for the Federal Government