| Security domain | Security classes | Risk factors |
|---|---|---|
| Cloud computing security technology implementation | Application security (A1) | WEB firewall, identity management, binary analysis, terminal access security, application security, application scanner |
| Data security (A2) | Data encryption, data masking, data residual erasure, access control, backup and recovery, data lineage | |
| Services security (A3) | Configuration management, log management, identity management, vulnerability management | |
| Host security (A4) | Trusted Computing, VM security, host firewall, intrusion prevention | |
| Network security (A5) | Network firewall, DNS security, intrusion detection, anti-DDOS, QoS / DNS Security | |
| Physical security (A6) | Physical environment, hardware equipment, personnel security |