Registry API Output to Registry Attribute Mapping
The parameter Attributename in the response maps to the registry attributes in the following list.
|
AttributeName |
Name |
Description |
|---|---|---|
|
Datasharingsupport |
File Sharing Support |
Does the service offer a file sharing method as part of its service offering? |
|
Datasharingcapacity |
File Capacity |
Does the service place limits of file uploads and sharing of data or does it offer unlimited sharing? |
|
Dataencryptionsupportedinrest |
Data Encryption at Rest |
Does the service encrypt data at-rest in its databases, file systems or at the virtual machine layer? |
|
Dataencryptionsupportedintransit |
Data Encryption in transit |
What mode of SSL or TLS does the vendor support for protecting data in motion? |
|
Servicetenancysupported |
Data Multi-tenancy |
Does the cloud service provider support a multi-tenant offering? |
|
Datamingling |
Encryption with Tenant Managed Keys (Data Mingling) |
If the service provider supports encryption of data at-rest in the tenant, how are keys managed and who controls the keys? |
|
Autosyncdata |
Auto Sync of Data |
Does the service provider offer a data sync application on desktop or mobile that allows for the synchronization of data between the devices and the cloud service provider? |
|
Serviceanonymoususe |
Anonymous Use |
Does the cloud service provider allow for anonymous access to the service? |
|
Multifactorauthentication |
Multi-factor Authentication |
Does the service provider support multi-factor authentication for end-users accessing the service? |
|
Identityfederationmethod |
Identity Federation Method |
What single sign-on methods does the cloud service provider support? |
|
Enterpriseidentity |
Enterprise Identity |
Does the cloud service provider support integration with enterprise directories or authentication providers? |
|
Pentesting |
Pentesting |
Does the vendor perform penetration testing on a regular basis? |
|
Serviceipfilteringsupported |
IP Filtering Support |
Does the cloud service provider support IP allow list blocks to restrict access to the enterprise tenant from unauthorized IP address spaces? |
|
Malwaresiteuse |
Are there any known malicious misuse of site by it users? |
Has the cloud service provider had a public disclosure of malware hosted on its site or been labeled as a known dropzone for malicious code within the given timeframe? |
|
Datalocation |
Service Hosting Locations |
Where is the geographic hosting location of cloud service provider? |
|
Providerrisk |
Compliance Certifications |
Which compliance certifications does the cloud service provider have (e.g. SSAE16, ISO 27001, SOC2, PCI, HIPAA, etc.)? |
|
Infrastructurestatusreporting |
Infrastructure Status Reporting |
Does the cloud service provider publish uptime and service availability statistics? |
|
Businesshq |
Business HQ |
Where is the cloud service provider business headquartered? |
|
Adminactivitylogging |
Admin Audit Logging |
Does the cloud service provider log administrative activities? |
|
Useractivitylogging |
User Activity Logging |
Does the cloud service provider log end-user activities? |
|
Dataaccesslogging |
Data Access Logging |
Does the cloud service provider log accesses to databases? |
|
Servicebusinesstype |
Business Type |
Is the cloud service provider focused on predominantly consumer or enterprise-based clientele? |
|
Servicenotinitarlist |
Service In ITAR List |
Is the cloud service provider listed in the International Traffic and Arms Regulations (ITAR) listing of Directorate of Defense Trade Controls (DDTC) certified providers? |
|
Indemnity |
Indemnity |
How is legal indemnity handled with cloud service provider per its terms of use? |
|
Jurisdictionallocation |
Jurisdictional Location |
Where is the geographical legal jurisdiction for the cloud service provider? |
|
Disputeresolution |
Dispute Resolution |
How are disputes handled between the cloud service provider and clients? |
|
Accounttermination |
Account Termination |
What are the grounds for account termination with the cloud service provider? |
|
Securityvulnerabilityperiod |
Is the service known to be compromised? |
Has the cloud service provider had a public disclosure of breach for its service within the given timeframe? |
|
Ipownership |
IP Ownership |
What are the specified definitions of intellectual property ownership in the terms of use for the cloud service provider? |
|
Dataretentionontermication |
Data Retention on Termination |
After a service contract or account is terminated, when does the cloud service provider delete the data in the tenant? |
|
Datacontenttypes |
Data Content Type |
What is the predominant content type for the cloud service provider (e.g. files, photos, music, etc.)? |
|
Accesscontrols |
Granular Access Controls |
Can the sharing of data be restricted at a user or group level? Can users control the level of access and rights to data? Can the sharing of information or access be controlled by time expiration? |
|
Dlpintegration |
DLP Integration |
Does the cloud service provider offer an integrated data loss prevention capability? |
|
Encryptionstrength |
Encyption Strength at Rest |
What encryption strength bit-length is used for data at-rest? |
|
Devicepinning |
Device Pinning |
Does the cloud service provider support a method to identify unique devices connecting and accessing the service? |
|
Statueoflimitations |
Statute of Limitations |
What are the statute of limitations specified for the cloud service provider? |
|
Privacypolicy |
Privacy Policy |
What privacy policies apply for the cloud service provider per the terms and conditions? |
|
Copyrightcontrols |
Copyright Controls |
What are the copyright controls adhered to by the cloud service provider? |
|
Serviceinustrlist |
Service In USTR List |
Is the cloud service provider listed in the U.S. Trade Representatives (USTR) notorious markets list? |
|
Cvevulnerability |
CVE Vulnerability |
Does the service have a known and published CVE vulnerability? |
|
Darknetsourceleak |
Source of Leak for Darknet |
Is the service a source for user credential or PII data leaks in the Darknet? |
|
SslcertExpiryage |
Expiry of SSL Certificate |
Duration by when the SSL Certificate will expire. |
|
SslcertSignaturealgorithm |
Signature Algorithm of SSL Certificate |
What is the signature algorithm used by the SSL Certificate. |
|
SslcertKeysize |
Key Size of SSL Certificate |
What is the key size used in SSL Certificate. |
|
Datacentersecurity |
Datacenter Security |
Does the service provide physical security perimeters (e.g., fences, guards, electronic surveillance, physical authentication mechanisms, security patrols, etc) to safeguard sensitive data and information systems at the datacenter? |
|
Securityincidentnotification |
Security Incident Notification |
Does the service incorporate timely notification of a security incident, malicious events or breach to all customers and stakeholders when such events are identified? |
|
Dataencryptionsupportedinbackup |
Data Encryption supported in Backup |
Does the service encrypt data in backup in its databases, file systems or at the virtual machine layer? |
|
Encryptionstrengthinbackup |
Encryption Strength in Backup |
What encryption strength bit-length is used for data in backup? |
|
Penaltyonsla |
Penalty on SLA |
Does the SLA define penalties when the service provider does not meet the agreed service levels? |
|
Wafprotection |
Application Security Vulnerability Protection |
Does the Service have Web Application Firewall Protection. |