© 2026 CheatGrid™. All rights reserved.

Cloud Compliance and Governance Cheat Sheet


Updated 2026-05-25

Cloud compliance and governance form the critical oversight framework that ensures cloud infrastructure operates securely within regulatory boundaries while meeting business and legal obligations. As organizations migrate workloads to the cloud, they must navigate an increasingly complex landscape of data privacy laws, industry-specific regulations, security standards, and shared responsibility models that define who owns which security controls. Compliance is not a one-time checkbox — it's a continuous program of policy enforcement, automated monitoring, audit-ready evidence collection, and risk-based decision-making. Understanding the distinction between regulatory requirements (what the law demands), certification standards (what third-party audits validate), and governance frameworks (how you operationalize both) is essential for building resilient, audit-ready cloud environments that scale without sacrificing trust or exposing the organization to regulatory penalties.

What This Cheat Sheet Covers

This topic spans 10 focused tables and 103 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

  • Table 1: Major Compliance Standards and Regulations
  • Table 2: Cloud Governance Frameworks and Policies
  • Table 3: Audit and Attestation Mechanisms
  • Table 4: Data Protection Requirements
  • Table 5: Access Control and Identity Management
  • Table 6: Monitoring and Incident Response
  • Table 7: Vendor and Third-Party Risk Management
  • Table 8: Compliance Automation Tools and Technologies
  • Table 9: Emerging Trends and Advanced Topics
  • Table 10: Cloud-Specific Compliance Considerations

Table 1: Major Compliance Standards and Regulations

The regulatory landscape for cloud environments has expanded dramatically — spanning U.S. federal and state privacy laws, EU digital regulations, financial-sector resilience mandates, and international AI governance standards. Each framework assigns specific obligations; knowing which applies to your environment and data is the first step of any compliance program.

Columns: Standard | Example | Description

GDPR (General Data Protection Regulation)
  Example: Data processing consent, right to erasure, data portability, breach notification within 72 hours
  Description:
  • EU regulation enforcing data privacy and sovereignty for personal data of EU citizens
  • Applies globally to any organization processing EU data
  • Penalties up to 4% of annual global revenue or €20M
  • Requires data protection impact assessments (DPIAs) for high-risk processing

HIPAA (Health Insurance Portability and Accountability Act)
  Example: MFA everywhere, encryption at rest and in transit, 72-hour data restoration, annual penetration testing
  Description:
  • U.S. healthcare data protection law requiring technical, physical, and administrative safeguards for electronic protected health information (ePHI)
  • 2026 Security Rule updates mandate MFA, annual pentests, and biannual vulnerability scanning
  • Business Associate Agreements (BAAs) required for cloud vendors

PCI DSS (Payment Card Industry Data Security Standard)
  Example: PCI DSS 4.0.1: tokenization, network segmentation, quarterly ASV scans, targeted risk analysis
  Description:
  • Mandates 12 foundational security requirements for any organization that stores, processes, or transmits payment card data
  • Non-compliance fines range from $5,000 to $100,000 per month
  • v4.0.1 adds targeted risk analysis, enhanced multi-factor requirements, and expanded e-commerce controls

SOC 2 Type II
  Example: 6–12 month observation of controls' operational effectiveness against the Trust Services Criteria
  Description:
  • Evaluates both design and operating effectiveness of controls over a minimum 6-month period
  • Covers security, availability, confidentiality, processing integrity, and privacy
  • Provides deeper assurance than Type I and is preferred by enterprise customers
  • Requires continuous evidence collection

ISO 27001
  Example: Risk-based ISMS with 93 controls across 4 themes (2022 edition)
  Description:
  • International standard for information security management systems (ISMS)
  • ISO 27001:2022 restructured controls into Organizational, People, Physical, and Technological themes
  • Certification involves a third-party audit and surveillance audits every 1–3 years

FedRAMP (Federal Risk and Authorization Management Program)
  Example: Low, Moderate, High authorization levels based on data sensitivity
  Description:
  • U.S. government cloud security assessment program requiring CSPs to achieve standardized security authorization before handling federal data
  • Built on NIST 800-53 controls
  • Reduces duplicative audits across agencies
  • FedRAMP 20x modernization (2025) streamlines the authorization process

NIST Cybersecurity Framework (CSF 2.0)
  Example: Govern, Identify, Protect, Detect, Respond, Recover
  Description:
  • Voluntary U.S. framework organizing cybersecurity activities into six functions
  • CSF 2.0 (2024) adds the "Govern" function and emphasizes supply chain risk and organizational accountability
  • Widely adopted for building risk-based security programs across sectors

DORA (Digital Operational Resilience Act)
  Example: An EU bank must maintain tested failover for its trading systems and document its cloud providers' contingency plans
  Description:
  • EU regulation effective January 17, 2025 requiring financial entities and their critical ICT providers (including cloud CSPs) to maintain operational resilience
  • Five pillars: ICT risk management, operational continuity, third-party oversight, incident reporting, and information sharing
  • Extraterritorial: applies to non-EU companies providing ICT services to EU financial firms
