CloudFortress Customer Onboarding Questionnaire
Follow all steps for complete submission!
Section 1:
Users & Endpoint
Total numbers of
Total numbers of
Total numbers of
Operating Systems (check all)
Windows 7
Windows 10
Windows 11
Windows 2019
Windows 2022
Linux Debian
Linux Redhat
Linux Ubuntu
MacOS
Other?
Remote Workers
Yes
No
If yes? How many?
Locally Hosted Microsoft Exchange Server
Yes
No
Number of mailboxes
Locally Hosted Domain Controllers
Yes
No
How many? OS Version(s):
File Server/DFS
Yes
No
Storage Size
Network Switches (brand/model)
Quantity:
Patch Panel
Organized
Needs Improvement
Unknown
Firewall Present
Yes
No
Wi-Fi Access Points
Yes
No
Models & Quantity
VPN
Cisco
Check Point
Fortinet
Other
Guest Wi-Fi Separated
Yes
No
Key Applications & Software
Productivity Suite
Microsoft 365
Google Workspace
Other
Number of Licenses:
Section 2:
Local IT Support Provider
Yes
No
If yes? Please Provide Contact Information
Cybersecurity Insurance?
Yes
No
If yes? What's the Coverage
Annual Premium Cost?
Current Cybersecurity & IT Practices (check all that apply)
Network Firewall
Endpoint Antivirus
Endpoint Detection & Response (EDR/XDR)
Multi-Factor Authentication (MFA)
Email Security Filtering
Web/URL Filtering
Data Backup
Offsite/Cloud Backup
Security Awareness Training
Written Security Policy
Regular Software/OS patching
Remote Desktop Access Controls
Mobile Device Management
24/7 Security Monitoring
Vulnerability Scanning
Penetration Testing
Incident Response Plan
None of the above
Other?
Services & Upgrades of Interest (check all that apply)
Virtual Chief Information Security Officer (vCISO, vCIO)
Exchange/Email Migration
Virtualized Application Hosting
Network/Cabling Cleanup
Other?
Managed Services Contract
Yes
No
Estimated Existing Annual IT Spend:
Additional Notes of Requirements:
Section 3: Azure Services Essentials
Microsoft Entra ID (Azure AD):
Yes
No
Azure Virtual Network (VNet)
Yes
No
Azure Backup
Yes
No
Azure Files / Blob Storage
Yes
No
Azure Virtual Desktop
Yes
No
Azure Site Recovery
Yes
No
Microsoft Sentinel (SIEM)
Yes
No
Section 3: AWS Services Essentials
EC2 Instances
Storage
Databases
Network Setup
Additional AWS Services
Resource Usage and Capacity
Approximate Monthly AWS Spend
Peak vs. Average Resource Utilization
Data Volume
Section 4: Entra and Hybrid Integration
Do you have a Hybrid Join (on-prem AD+Entra ID)
Yes
No
Existing on-prem Active Directory
Yes
No
Number of Domain Controllers
Using Azure AD Connect for sync
Yes
No
Conditional Access Policies Implemented
Yes
No
Multi-Factor Authentication (MFA) Enabled
Yes
No
Section 5: Network, Connectivity & Infrastructure
Existing Fiber Connection?
ExpressRoute or VPN Gateway in use?
Yes
No
Type:
Site-to-site
Point-to-site
ExpressRoute
Bandwidth for Users (Mbps)?
Bandwidth for Servers (Mbps)?
Backup Solution in place (Local/Cloud)
Redundancy Required?
Single
Dual Uplink
Multi-region
Section 6: Data Encryption Requirements
Number of office/branch locations
Remote access method
VPN
RDP
Azure Bastion
Other
Encryption at rest?
Yes
No
Encryption in transit?
Yes
No
Encryption in use (confidential computing)?
Yes
No
Section 7: Select Applicable Regulatory Compliance
Banking & Financial Services
GLBA (Safeguards Rule) – Secure customer data via administrative, technical, and physical safeguards
FFIEC CAT – Cybersecurity Assessment Tool for financial institutions
OCC Guidance – Cyber risk management and third-party oversight
FINRA – Cybersecurity protocols for broker-dealers and trading platforms
FinCEN – AML, data retention, and Suspicious Activity Reporting (SAR)
SOX – IT controls over financial reporting and data integrity
NY DFS 23 NYCRR 500 – Cybersecurity requirements for financial institutions in NY
Healthcare & Life Sciences
HIPAA Security Rule – Safeguards for electronic Protected Health Information (ePHI)
HITECH Act – Health IT provisions and breach notification mandates
NIST SP 800-66 – Implementation of HIPAA Security Rule using NIST controls
HITRUST CSF – Unified framework based on HIPAA, NIST, ISO, and PCI standards
Stark Law – Health data relevance in self-referral relationships
Anti-Kickback Statute – Risk of improper data-sharing incentives
FDA 21 CFR Part 11 – Electronic records and signatures compliance
GxP/Annex 11 – IT systems in pharma/lab processes
Cross-Industry & General Cybersecurity Standards
NIST Cybersecurity Framework (CSF) – Identify, Protect, Detect, Respond, Recover
NIST SP 800-53 Rev. 5 – Comprehensive catalog of security and privacy controls
NIST SP 800-171 – CUI protection in non-federal systems
ISO/IEC 27001 – Information Security Management System (ISMS)
ISO/IEC 27701 – Privacy Information Management System (PIMS)
ISO/IEC 9001 – Quality Management System (QMS)
SOC 2 Type I/II – Trust Services Criteria (Security, Availability, Confidentiality)
PCI DSS – Payment card industry data protection
CIS Critical Security Controls – 18 prioritized actions for cyber defense
COBIT 2019 – IT governance and risk management
Data Privacy & International Laws
GDPR – Data protection for EU residents; lawful processing, DPIAs, DPOs
CCPA / CPRA – Consumer privacy rights and data handling obligations in California
NY SHIELD Act – Data security mandates for companies holding NY residents’ data
PIPEDA (Canada) – Fair data practices for personal information
LGPD (Brazil) – Consent-based data processing and privacy protection
PDPA (Singapore, Thailand, etc.) – Regional privacy and security compliance laws
Energy & Utilities
NERC CIP – Critical Infrastructure Protection standards for BES cyber systems
FERC Reliability Standards – Cybersecurity and risk oversight for regulated entities
NRC 10 CFR 73.54 – Cybersecurity for nuclear facility digital systems
DOE C2M2 – Cybersecurity Capability Maturity Model
EPA Cybersecurity for Water Systems – Security best practices for public utilities
ISA/IEC 62443 – Industrial Automation and Control Systems Security
Defense, Aerospace & Export-Controlled Sectors
ITAR – Controls on export/release of defense-related technical data
EAR – Export restrictions for dual-use items and technology
DDTC – Directorate of Defense Trade Controls compliance (registration, licensing, recordkeeping)
CMMC 2.0 – Cybersecurity Maturity Model Certification (DoD supply chain)
DFARS 252.204-7012 – Safeguarding Covered Defense Information (CDI)
NIST SP 800-171 – Protecting Controlled Unclassified Information (CUI) in non-federal systems