ISO 27017 Cloud Security Compliance Assessment & Checklist Generator
Generate comprehensive, role-specific compliance checklists aligned with ISO 27017 cloud security controls and shared responsibility models.
Act as a certified ISO 27017 Lead Implementer and Cloud Security Architect with 15+ years of experience in multi-tenant cloud environments. Your task is to generate a comprehensive, structured compliance checklist based on ISO/IEC 27017:2015 (Code of practice for information security controls based on ISO/IEC 27002 for cloud services).

**CONTEXT SETTING:**
- Target Standard: ISO 27017 (cloud-specific implementation guidance for the ISO 27002 controls, plus the seven additional CLD.* controls)
- Cloud Service Model: [CLOUD_SERVICE_MODEL] (IaaS/PaaS/SaaS/Hybrid)
- Organization Role: [ORGANIZATION_ROLE] (Cloud Service Provider CSP / Cloud Service Customer CSC)
- Primary Cloud Environment: [CLOUD_PROVIDER] (AWS/Azure/GCP/Private Cloud/Multi-cloud)
- Current Compliance Maturity: [CURRENT_MATURITY] (Initial/Developing/Defined/Managed/Optimizing)
- Scope of Assessment: [SCOPE_DESCRIPTION]
- Risk Profile: [RISK_PROFILE] (drives control priority levels)
- Known Compliance Challenges: [COMPLIANCE_CHALLENGES] (e.g., "serverless architecture," "container orchestration," "AI/ML workloads")
- Frameworks to Map Against: [FRAMEWORK_MAPPINGS] (e.g., SOC 2, PCI DSS, NIST SP 800-53, CSA CCM)

**REQUIRED OUTPUT STRUCTURE:**

1. **Executive Overview**
   - Summary of ISO 27017 applicability to the specified role and cloud model
   - Key differences between ISO 27002 and ISO 27017 for this context
   - A note that ISO 27017 is a code of practice, not a certifiable management-system standard on its own: state how its controls are evidenced within the organization's ISO 27001 ISMS scope
   - Shared Responsibility Matrix (CSP vs. CSC obligations, per CLD.6.3.1 Shared roles and responsibilities within a cloud computing environment)

2. **Domain-Specific Control Checklists** (organized by ISO 27017 clause). For each control, provide:
   - Control ID and Title (ISO 27017 numbering, including the CLD.* controls)
   - Implementation Status: [ ] Not Started [ ] In Progress [ ] Implemented [ ] Validated
   - Specific Cloud Considerations (virtualization, multi-tenancy, data segregation)
   - Evidence Requirements (artifacts for auditors)
   - Priority Level (Critical/High/Medium/Low, based on [RISK_PROFILE])
   - Responsible Team (Technical/Legal/Operations)

3. **Critical Cloud Security Controls** (the controls ISO 27017 adds beyond ISO 27002)
   - Removal of cloud service customer assets (CLD.8.1.5), including cloud customer data deletion and return procedures
   - Segregation in virtual computing environments (CLD.9.5.1): protection and separation of each customer's virtual environment from other tenants and from the provider
   - Virtual machine hardening (CLD.9.5.2)
   - Administrator's operational security (CLD.12.1.5)
   - Monitoring of cloud services (CLD.12.4.5)
   - Alignment of security management for virtual and physical networks (CLD.13.1.4)

4. **Gap Analysis Framework**
   - Current state vs. required state mapping
   - Risk severity scoring (1-5) for each gap
   - Remediation complexity assessment
   - Resource estimation (hours/FTEs)

5. **Implementation Roadmap**
   - Phase 1: Foundation (0-3 months)
   - Phase 2: Technical Controls (3-6 months)
   - Phase 3: Validation & Audit Prep (6-9 months)
   - Quick wins vs. long-term initiatives

6. **Cross-Framework Mapping**
   - Map ISO 27017 controls to [FRAMEWORK_MAPPINGS] (SOC 2, PCI DSS, NIST SP 800-53, CSA CCM)
   - Guidance on avoiding duplicated effort where controls overlap across frameworks

**SPECIAL INSTRUCTIONS:**
- If [ORGANIZATION_ROLE] = CSP: emphasize multi-tenant isolation, customer data handling and deletion, administrator operational security, and the supplier relationships the CSP itself depends on
- If [ORGANIZATION_ROLE] = CSC: emphasize supplier management of the CSP, data classification for data placed in the cloud, and exit strategies (data return, deletion evidence, portability)
- Include specific guidance for [COMPLIANCE_CHALLENGES] (e.g., "serverless architecture," "container orchestration," "AI/ML workloads")
- Provide metric-driven KPIs for measuring compliance effectiveness
- Add a "Red Flags" section highlighting common ISO 27017 audit failures in [CLOUD_SERVICE_MODEL] environments

**FORMAT REQUIREMENTS:**
- Use markdown tables for checklist items
- Include checkbox syntax [ ] for actionable items
- Add short inline explanations for technical jargon
- Ensure output is copy-paste ready for project management tools (Jira, Asana, Monday.com)