version 3 style guide - Cloud Security Alliance

VERSION 3 STYLE GUIDE

1 Structure

1.1 Subdivision of the subject matter

1.1.1 General Rule

Domain content is so diverse that no universally acceptable rules can be established for the subdivision of the subject matter. However, as a general rule, an individual section within each domain should be prepared for each subject to be standardized, and published as a complete entity. In these specific cases:

a) the domain is likely to become too voluminous,
b) subsequent portions of the content are interlinked,
c) portions of the domain could be referred to in regulations, or
d) portions of the domain are intended to serve for certification purposes,

the domain may be split into separate subsections under the same number. This has the advantage that each subsection can be changed separately when the need arises.

In particular, the aspects of a domain that will be of separate interest to different parties (e.g. *aaS providers, certification bodies, legislative bodies) shall be clearly distinguished, preferably as separate sections.

1.1.2 Subdivision of the domain subject matter within a series of subsections

There are two ways of achieving this:

a) Each subsection deals with a specific aspect of the subject and can stand alone.

EXAMPLE 1
Subsection 1: Governance
Subsection 2: Risk
Subsection 3: Compliance
Subsection 4: …

b) Each subsection supports the subject foundation and is interdependent.

EXAMPLE 2
Subsection 1: Hypervisor
Subsection 2: Virtual Machine

1.2 Description and numbering of divisions and subdivisions

1.2.1 Subsection Numbering

1.2.1.1 The number of a subsection shall be indicated by Arabic numerals, beginning with 1, following the domain number and preceded by a period; for example, 1.1, 1.1.1, 1.2, 1.2.1, 1.2.1.1, etc. Domains shall not be further subdivided beyond five tiers.

1.2.1.2 If a domain is published in the form of a number of separate subsections, the first section shall include an explanation, titled “Overview”, stating the intended structure for the subsequent subsections. A reference shall be made to the titles of all other subsections that will be published.

1.2.2 Clause

A clause is the basic component in the subdivision of the content of a domain.

The clauses in each domain or subsection shall be numbered with Arabic numerals, beginning with Domain number.1 for the “Overview” clause. The numbering shall be continuous.

Each clause shall have a title, placed immediately after its number, on a line separate from the text that follows it. Key terms or phrases (composed in distinctive type) appearing for the first time in the text of the clause may be used to call attention to the subject matter defined. Such terms or phrases shall not be listed in the table of contents.

1.2.3 Subclause

A subclause is a numbered subdivision of a clause. A primary subclause (e.g. 5.1, 5.2, etc.) may be subdivided into secondary subclauses (e.g. 5.1.1, 5.1.2, etc.), and this process of subdivision may be continued as far as the fifth level (e.g. 5.1.1.1.1.1, 5.1.1.1.1.2, etc.).

Subclauses shall be numbered with Arabic numerals.

A subclause shall not be created unless there is at least one further subclause at the same level. For example, text in Clause 10 shall not be designated subclause “10.1” unless there is also a subclause “10.2”.

Each primary subclause should preferably be given a title, which shall be placed immediately after its number, on a line separate from the text that follows it. Secondary subclauses may be treated in the same way. Within a clause or subclause, the use of titles shall be uniform for subclauses at the same level, e.g. if 10.1 has a title, 10.2 shall also have a title. Key terms or phrases (composed in distinctive type) appearing for the first time in the text of the subclause may be used to call attention to the subject matter defined. Such terms or phrases shall not be listed in the table of contents.

1.2.4 Paragraph

A paragraph is an unnumbered subdivision of a clause or subclause.

“Hanging paragraphs” such as those shown in the following example shall be avoided since reference to them is ambiguous.

EXAMPLE In the following example, the hanging paragraphs indicated cannot be uniquely identified as being in “Clause 5” since strictly speaking the paragraphs in 5.1 and 5.2 are also in Clause 5. To avoid this problem it is necessary to identify the hanging paragraphs as subclause “5.1 General” (or other suitable title) and to renumber the existing 5.1 and 5.2 accordingly (as shown), to move the hanging paragraphs elsewhere, or to delete them.

Incorrect

    5 Domain
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.    [hanging paragraphs]
    5.1 Xxxxxxxxxxx
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.
    5.2 Xxxxxxxxxxx
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.

Correct

    5 Domain
    5.1 Overview
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.
    5.2 Xxxxxxxxxxx
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.
    5.3 Xxxxxxxxxxx
    The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.

1.2.5 Lists

Lists should be introduced by a sentence, a complete grammatical proposition followed by a colon (see Example 1), or by the first subsection of a proposition (without a colon — see Example 3), completed by the items in the list.

Each item in a list shall be preceded by a dash or a bullet or, if necessary for identification, by a lower case letter followed by a parenthesis. If it is necessary to subdivide further an item in the latter type of list, Arabic numerals followed by a parenthesis shall be used (see Example 2).

To aid comprehension, it may be preferable not to continue a sentence after the end of the type of list given in Example 3. Key terms or phrases may be composed in distinctive type to call attention to the subject matter dealt with in the various list items (see Example 1). Such terms or phrases shall not be listed in the table of contents; if it is necessary that they be included in the table of contents, they shall not be presented as list items but as subclause titles.

EXAMPLE 1 No switch is required for any of the following categories of *aaS infrastructure:

• SOA message bus
• Transaction processor
• Virtual backplane

EXAMPLE 2 The following basic principles shall apply to the drafting of definitions.

a) The definition shall have the same grammatical form as the term:
   • to define a verb, a verbal phrase shall be used;
   • to define a singular noun, the singular shall be used.

When introducing a new acronym, use a superscript, e.g., CSA¹, and define again in footnote for easy reference. The first use of the acronym and its definition will be bolded. See footnote below.

EXAMPLE 3 Vibrations in the apparatus may be caused by

• unbalance in the rotating elements,
• slight deformations in the frame,
• the rolling bearings, and
• aerodynamic loads.

1.2.6 Overview

This element shall appear at the beginning of each domain and define without ambiguity the subject of the domain and the aspects covered, thereby indicating the limits of applicability of the domain or particular subsections of it. It shall not contain requirements.

Domains that are subdivided into subsections shall not cover anything not defined in that domain.

The overview shall be succinct so that it can be used as a summary for bibliographic purposes.

¹ <Use superscript/footnote to define acronyms, e.g., CSA‐Cloud Security Alliance>

This element shall be worded as a series of statements of fact. Forms of expression such as the following shall be used:

“This Domain
— specifies
      the dimensions of …”
      a method of …”
      the characteristics of …”
— establishes
      a system for …”
      general principles for …”
— gives guidelines for …”
— defines terms …”

Statements of applicability of the domain shall be introduced by wording such as:

“This Domain is applicable to …”

The wording shall be altered as a function of the domain type concerned.

1.3 Common rules and elements

1.3.1 Verbal forms for the expression of provisions

1.3.1.1 A domain requirement does impose an obligation upon readers to follow it. Such an obligation may be imposed, for example, by legislation or by a contract. In order to be able to claim compliance with a domain, the user needs to be able to identify the requirements he/she is obliged to satisfy. The user also needs to be able to distinguish these requirements from other provisions where there is a certain freedom of choice, such as the recommendation section.

Permission really means options. For example, if there are five ways to do the same thing, such as multiple ways to achieve a desired goal with different technology approaches, then these are the user’s options. None of those things/actions are mandatory or required; the user does not have to have them, but can have them. "You are permitted the x algorithm or y algorithm." For permissions, the user is allowed to use more than one approach to achieve the same objective.

1.3.1.2 Clear rules for the use of verbal forms (including modal auxiliaries) are therefore essential.

1.3.1.3 The following tables give, in the first column of each table, the verbal form that shall be used to express each kind of provision. The equivalent expressions given in the second column shall be used only in exceptional cases when the form given in the first column cannot be used for linguistic reasons.

NOTE Only singular forms are shown.

The verbal forms shown in Table A.1 shall be used to indicate requirements strictly to be followed in order to conform to the domain and from which no deviation is permitted.

Verbal forms for the expression of provisions

Table A.1 — Requirement

Verbal form    Equivalent expressions for use in exceptional cases (see 6.6.1.3)
shall          is to
               is required to
               it is required that
               has to
               only … is permitted
               it is necessary
shall not      is not allowed [permitted] [acceptable] [permissible]
               is required to be not
               is required that … be not
               is not to be

Do not use “must” as an alternative for “shall”. (This will avoid any confusion between the requirements of a domain and external statutory obligations.)

Do not use “may not” instead of “shall not” to express a prohibition.

To express a direct instruction, for example referring to steps to be taken in a test method, use the imperative mood in English.

EXAMPLE “Switch on the recorder.”

The verbal forms shown in Table A.2 shall be used to indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is deprecated but not prohibited.

Table A.2 — Recommendation

Verbal form    Equivalent expressions for use in exceptional cases (see 6.6.1.3)
should         it is recommended that
               ought to
should not     it is not recommended that
               ought not to

In French, do not use “devrait” in this context.

The verbal forms shown in Table A.3 shall be used to indicate a course of action permissible within the limits of the domain.

Table A.3 — Permission

Verbal form    Equivalent expressions for use in exceptional cases
may            is permitted
               is allowed
               is permissible
need not       it is not required that
               no … is required

Do not use “possible” or “impossible” in this context.

Do not use “can” instead of “may” in this context.

NOTE 1 “May” signifies permission expressed by the domain, whereas “can” refers to the ability of a user of the domain or to a possibility open to him/her.

The verbal forms shown in Table A.4 shall be used for statements of possibility and capability, whether material, physical or causal.

Table A.4 — Possibility and capability

Verbal form    Equivalent expressions for use in exceptional cases
can            be able to
               there is a possibility of
               it is possible to
cannot         be unable to
               there is no possibility of
               it is not possible to

NOTE See Notes 1 and 2 to Table A.3.

1.4 Punctuation

1.4.1 Period Usage

Place two spaces after each period ending a sentence and after each term to be defined. Place one space after a period for section numbering.

1.4.2 Commas

1.4.2.1 Three or More Things

When listing out nouns, verbs, or phrases in a sentence, use a comma to separate the elements in a series (three or more things), including the last two. You may have learned that the comma before a comma shall precede the “and” and the “or.”

EXAMPLE 1 "He hit the ball, dropped the bat, and ran to first base."

EXAMPLE 2 Resource pooling is the creation, division, and management of system resources across multiple clients.

1.4.2.2 Introductory Elements

Use a comma to set off introductory elements.

EXAMPLE "Running toward third base, he suddenly realized how stupid he looked."

1.4.2.3 Two Independent Clauses

Use a comma + a little conjunction (and, but, for, nor, yet, or, so) to connect two independent clauses.

EXAMPLE "He hit the ball well, but he ran toward third base."

1.4.2.4 Parenthetical Elements

Use a comma to set off parenthetical elements. By "parenthetical element," we mean a part of a sentence that can be removed without changing the essential meaning of that sentence. The parenthetical element is sometimes called "added information."

EXAMPLE "The Founders Bridge, which spans the Connecticut River, is falling down."

1.4.2.5 Conjunctions

Use a comma + a little conjunction (and, but, for, nor, yet, or, so) to connect two independent clauses.

EXAMPLE "He hit the ball well, but he ran toward third base."

1.4.2.6 Separate Coordinate Adjectives

Use a comma to separate coordinate adjectives. You could think of this as "That tall, distinguished, good looking fellow" rule (as opposed to "the little old lady"). If you can put an and or a but between the adjectives, a comma will probably belong there.

EXAMPLE For instance, you could say, "He is a tall and distinguished fellow" or "I live in a very old and run‐down house." So you would write, "He is a tall, distinguished man" and "I live in a very old, run‐down house." But you would probably not say, "She is a little and old lady," or "I live in a little and purple house," so commas would not appear between little and old or between little and purple.

1.4.2.7 Quoted Elements

Use a comma to set off quoted elements. Generally, use a comma to separate quoted material from the rest of the sentence that explains or introduces the quotation. Be careful not to use commas to set off quoted elements introduced by the word that or quoted elements that are embedded in a larger structure.

EXAMPLE 1 Summing up this argument, Peter Coveney writes, "The purpose and strength of the romantic image of the child had been above all to establish a relation between childhood and adult consciousness."

EXAMPLE 2 "The question is," said Alice, "whether you can make words mean so many things."

EXAMPLE 3 "I should like to buy an egg, please," she said timidly. "How do you sell them?"

EXAMPLE 4 Peter Coveney writes that "[t]he purpose and strength of . . ." We often say "Sorry" when we don't really mean it.

1.4.2.8 Contrast

Use commas to set off phrases that express contrast.

EXAMPLE Some say the world will end in ice, not fire.

1.4.2.9 Confusion

Use a comma to avoid confusion.

EXAMPLE
Outside the lawn was cluttered with hundreds of broken branches.
Outside, the lawn was cluttered with hundreds of broken branches.

1.4.2.10 Subject and Verb

Never use only one comma between a subject and its verb.

EXAMPLE "Believing completely and positively in oneself is essential for success." [Although readers might pause after the word "oneself," there is no reason to put a comma there.]

1.4.2.11 Typographical

Typographical Reasons: Between a city and a state [Hartford, Connecticut], a date and the year [June 15, 1997], a name and a title when the title comes after the name [Bob Downey, Professor of English], in long numbers [5,456,783 and $14,682], etc. Although you will often see a comma between a name and suffix — Bob Downey, Jr., Richard Harrison, III — this comma is no longer regarded as necessary by most copy editors, and some individuals — such as Martin Luther King Jr. — never used a comma there at all.

1.5 Dates

To avoid international confusion, dates shall be written out by month, followed by day, followed by a comma, and followed by the year in four digits.

EXAMPLE May 5, 2011

1.6 Writing Numbers

1.6.1 General

Spell out single‐digit whole numbers. Use numerals for numbers greater than nine.

EXAMPLE
I want five copies.
I want 10 copies.

1.6.2 Consistent in a category

Be consistent within a category. For example, if you choose numerals because one of the numbers is greater than nine, use numerals for all numbers in that category. If you choose to spell out numbers because one of the numbers is a single digit, spell out all numbers in that category.

If you have numbers in different categories, use numerals for one category and spell out the other.

EXAMPLE
My 10 cats fought with their 2 cats.
My ten cats fought with their two cats.

1.6.3 Simple Fractions

Always spell out simple fractions and use hyphens with them.

EXAMPLE
One‐half of the pies have been eaten.
A two‐thirds majority is required for that bill to pass in Congress.

1.6.4 Mixed Fractions

A mixed fraction can be expressed in figures unless it is the first word of a sentence.

EXAMPLE
We expect a 5 1/2 percent wage increase.
Five and one‐half percent was the maximum allowable interest.

1.6.5 Large Numbers

The simplest way to express large numbers is best. Round numbers are usually spelled out. Be careful to be consistent within a sentence.

EXAMPLE
Correct:    You can earn from one million to five million dollars.
Incorrect:  You can earn from one million to $5,000,000.
Correct:    You can earn from five hundred to five million dollars.
Correct:    You can earn from $5 hundred to $5 million.
Incorrect:  You can earn from $500 to $5 million.
Incorrect:  You can earn from $500 to five million dollars.

1.6.6 Decimals

Write decimals in figures. Put a zero in front of a decimal unless the decimal itself begins with a zero.

EXAMPLE
The plant grew 0.79 of a foot in one year.
The plant grew only .07 of a foot this year because of the drought.

1.6.7 Decimals and Commas

With numbers that have decimal points, use a comma only when the number has five or more digits before the decimal point. Place the comma in front of the third digit to the left of the decimal point. When writing out such numbers, use the comma where it would appear in the figure format. Use the word and where the decimal point appears in the figure format.

EXAMPLE
$15,768.13: Fifteen thousand, seven hundred sixty‐eight dollars and thirteen cents
$1054.21: One thousand fifty‐four dollars and twenty‐one cents

Note: If the number has no decimal point, authorities disagree on whether to begin using the comma with four‐digit numbers or to begin using the comma with five‐digit numbers. When writing out these numbers, I recommend using the comma where it appears in the numerical form.

1,054 schools OR 1054 schools: one thousand, fifty‐four schools OR one thousand fifty‐four schools
12,154 schools: twelve thousand, one hundred fifty‐four schools

1.6.8 Decades

When expressing decades, you may spell them out and lowercase them. If you wish to express decades using incomplete numerals, put an apostrophe before the incomplete numeral but not between the year and the s. You may also express decades in complete numerals. Again, don't use an apostrophe between the year and the s.

EXAMPLE 1 During the eighties and nineties, the U.S. economy grew.

EXAMPLE 2
Correct:    During the '80s and '90s, the U.S. economy grew.
Incorrect:  During the '80's and '90's, the U.S. economy grew.

EXAMPLE 3 During the 1980s and 1990s, the U.S. economy grew.

1.6.9 Time of Day

Normally, spell out the time of day in text even with half and quarter hours. With o'clock, the number is always spelled out. Use numerals with the time of day when exact times are being emphasized or when using A.M. or P.M.

EXAMPLE
She gets up at four thirty before the baby wakes up.
The baby wakes up at five o'clock in the morning.
Monib's flight leaves at 6:22 A.M.
Please arrive by 12:30 sharp.
She had a 7:00 P.M. deadline.

1.6.10 Hyphens

Hyphenate all compound numbers from twenty‐one through ninety‐nine.

EXAMPLE
Forty‐three persons were injured in the train wreck.
Twenty‐three of them were hospitalized.

1.6.11 Beginning of Sentence

Write out a number if it begins a sentence.

EXAMPLE
Twenty‐nine people won an award for helping their communities.
That 29 people won an award for helping their communities was fantastic! OR That twenty‐nine people won an award for helping their communities was fantastic.

2 Content

2.1 Alignment with other CSA standards

2.1.1 Cloud Control Matrix

Each domain shall be mapped to the corresponding cloud controls found at https://cloudsecurityalliance.org/research/projects/cloud-controls-matrix-ccm/. Writers should familiarize themselves with the Control Areas, Control ID, and Control Specifications contained within their domain. Use the key point blue box within the template to define the relationship of the control to the domain.

2.1.2 Consensus Assessment Initiative Questionnaire

Each domain may be mapped to the corresponding cloud CAIQ questions when applicable: https://cloudsecurityalliance.org/research/projects/consensus-assessments-initiative/. Writers should familiarize themselves with the questions, how they relate to the controls, and how those controls fit within each domain. Use the key point blue box within the template to define the relationship of the questions to the domain when applicable.

2.1.3 Cloud Audit

Specific domains may benefit from the use of cloud audit ontology as a technical example. A writer familiar with the cloud audit, URI format, and usage may use the key point blue box within the template to provide an example of a cloud audit URI statement.

2.1.4 Trusted Cloud Initiative

The Trusted Cloud Initiative Reference Architecture may be used as the primary reference architecture describing particular domains. Writers should familiarize themselves with the TCI architecture and, when appropriate, reference that architecture and its relationship to their domain.

2.1.5 Common Assurance Maturity Model

The use of the common assurance maturity model is the preferred measure of risk, but its use is entirely optional.

2.1.6 Cloud SIRT

The reference to Cloud Security Incident Response team is an optional mechanism for highlighting cooperative security services within the CloudCERT Initiative. More information on the initiative can be found at https://cloudsecurityalliance.org/research/projects/cloudsirt/.

3 Glossary

CRM               Customer Relationship Management
CSA               Cloud Security Alliance
DBMS              Data Base Management System
DMTF              Distributed Management Task Force
DMZ               Demilitarized Zone, usually part of a firewall that in unsecured
DR                Disaster Recovery
ESB               Enterprise Service Bus
Eucalyptus        A software platform for the implementation of private cloud computing on computer clusters.
FISMA             Federal Information Security Management Act
FOIA              Freedom of Information Act
FTP               File Transfer Protocol
GRC               Governance, Risk, and Compliance
HIPAA             The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104‐191) [HIPAA] was enacted by the U.S. Congress in 1996.
HVAC              Heating, Ventilation, and Air Conditioning
Hybrid Cloud      The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together.
IA                Information Assurance
IaaS              Infrastructure as a Service
IAM               Identity Access Management
IDaaS             Identity as a Service
IdP               Identity Provider
IEC               International Electrotechnical Commission
IEEE              Institute of Electrical and Electronics Engineers
IRM               Information Risk Management
ISO               International Standards Organization
KMIP              Oasis Key Management Interoperability Protocol
LAMP              Is an acronym for a solution stack of free, open source software, which includes Linux (operating system), Apache HTTP Server, MySQL (database software) and Perl/PHP/Python
Multi‐Tenancy     Implies a need for policy‐driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies.
MX                Mail eXchange
NARA              National Archives and Records Administration
NAT               Network Address Translation
NIST              National Institute of Standards
OATH              Open Authentication
OMB               Office of Management and Budget
OVF               DMTF Open Virtualization Format
PaaS              Platform as a service
PCI DSS           Payment Card Industry Data Security Standard
PDP               Policy Decision Point
PEP               Policy Enforcement Point
PII               Personally Identifiable Information
Private Cloud     The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party and may exist on‐premises or off premises.
Public Cloud      The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Resource pooling  The creation, division, and management of system resources across multiple clients.
RFP               Request for Proposal
RTO               Recovery Time Objectives
SaaS              Software as a service
SAML              Security Assertion Markup Language (SAML) is an XML‐based open standard for exchanging authentication and authorization data between security domains.
SAS 70            Statement on Auditing Standards No. 70 reports on the processing of Transactions by service organizations
SDLC              Software Development Life Cycle
SECS              SaaS E‐mail and Collaboration Solution
SEIM              Security Information and Event Management
Service provider  The provider of cloud infrastructure, platform, or software services
SLA               Service Level Agreement
SOA               Service Oriented Architecture
SOAP              Simple Object Access Protocol
SOC               Security Operations Center
SP                Service Provider
SPI               Software as a service, Platform as a service, Infrastructure as a Service
SPML              Service Provisioning Markup Language (SPML) is an XML‐based framework, being developed by OASIS, for exchanging user, resource, and service provisioning information between cooperating organizations.
SQL               Structured Query Language
URL               Uniform Resource Locator
VM                Virtual Machine, a completely isolated operating system installation within your normal operating system.
VPN               Virtual Private Network
VSP               Vendor Security Process
WPA               WiFi Protected Access
WS‐Federation     An Identity Federation specification
XACML             eXtensible Access Control Markup Language
XML               eXtensible Markup Language